Security Advisories

All Advisories

  • TYPO3-20051114-7: TYPO3 Security Bulletin

    Categories: TYPO3 CMS
    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    Situations are imaginable where sensitive information gets stored in the fileadmin/_temp_/ directory. If misconfigured in your web server, this…
  • TYPO3-20051114-6: TYPO3 Security Bulletin

    Categories: TYPO3 CMS
    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    Under special circumstances, setting config.baseURL (see typo3.org/documentation/document-library/doc_core_tsref/quot_CONFIG_quot/) to a numeric…
  • TYPO3-20051114-5: TYPO3 Security Bulletin

    Categories: TYPO3 CMS
    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    For convenience, the TYPO3 Install Tool provides a button that sets the "encryptionKey" to a random value. It has been observed that only parts of the…
  • TYPO3-20051114-4: TYPO3 Security Bulletin

    Categories: TYPO3 CMS
    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    In the past, a "Shift Reload" from the browser (AKA a GET request with the "no-cache" pragma set) cleared the TYPO3 cache of the requested page. This…
  • TYPO3-20051114-3: TYPO3 Security Bulletin

    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    Various security issues have been reported for phpMyAdmin (see www.securityfocus.com/bid/15196 for details).
  • TYPO3-20051114-2: TYPO3 Security Bulletin

    Categories: TYPO3 CMS
    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    A Cross Site Scripting issue has been found in showpic.php.
  • TYPO3-20051114-1: TYPO3 Security Bulletin

    Categories: TYPO3 CMS
    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    The file editor functionality in the TYPO3 Install Tool (menu option "Edit files in typo3conf/") has an option that reads "Make backup copy". If set,…
  • SECURITY-BULLETINS-CHC-FORUM-TH-MAILFORMPLUS: Security Bulletins: chc_forum, th_mailformplus

    Categories: Security
    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    Two security bulletins regarding the 3rd party extensions "CHC Forum" and "th_mailformplus" have been issued today. Fixed versions are available.
  • TYPO3-20051107-2: th_mailformplus

    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    A weakness in the form validation of th_mailformplus has been discovered that may be abused to inject additional recipients in mail forms.
  • TYPO3-20051107-1: chc_forum

    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    A bug has been discovered in the "CHC Forum" (chc_forum) extension where some JavaScript expressions are not properly caught when entered in forms.…