Security Bulletins:

It has been discovered, that editors could change, create or delete metadata of files without permission.

It has been discovered that TYPO3 is susceptible to session fixation.

It has been discovered, that TYPO3 is vulnerable to Cross-Site Scripting.

It has been discovered, that editors could list all files and folders in the root directory of a TYPO3 installation.

It has been discovered, that the backend login brute force protection can be bypassed

It has been discovered, that third party component Flowplayer Flash is vulnerable to cross-site scripting.

It has been discovered that TYPO3 CMS 4.5.x is vulnerable to Authentication Bypass.

It has been discovered that TYPO3 CMS is vulnerable to Link Spoofing and Cache Poisoning.

It has been discovered that TYPO3 CMS is vulnerable to Denial of Service and Arbitrary Shell Execution!

It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication…