Security Bulletins for TYPO3 Extensions

Wed. 5th November, 2014

TYPO3-EXT-SA-2014-016: Cross-Site Scripting vulnerability in extension phpMyAdmin (phpmyadmin)

Advisory type: TYPO3 Extensions

Created by Marcus Krause

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting.

Fri. 17th October, 2014

TYPO3-EXT-SA-2014-015: Information Disclosure vulnerability in Dynamic Content Elements (dce)

Advisory type: TYPO3 Extensions

Created by Marcus Krause

It has been discovered that the extension "Dynamic Content Elements" (dce) is susceptible to Information Disclosure.

Fri. 17th October, 2014

TYPO3-EXT-SA-2014-014: Improper Access Control vulnerability in extension fal_sftp (fal_sftp)

Advisory type: TYPO3 Extensions

Created by Marcus Krause

It has been discovered that the extension "fal_sftp" (fal_sftp) is susceptible to Improper Access Control.

Fri. 17th October, 2014

TYPO3-EXT-SA-2014-013: Denial of Service vulnerability in extension Calendar Base (cal)

Advisory type: TYPO3 Extensions

Created by Marcus Krause

It has been discovered that the extension "Calendar Base" (cal) is susceptible to Denial of Service.

Fri. 26th September, 2014

TYPO3-EXT-SA-2014-011: Several vulnerabilities in extension phpMyAdmin (phpmyadmin)

Advisory type: TYPO3 Extensions

Created by Marcus Krause

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting and Cross-Site Request Forgery.

Thu. 25th September, 2014

TYPO3-EXT-SA-2014-012: Several vulnerabilities in extension JobControl (dmmjobcontrol)

Advisory type: TYPO3 Extensions

Created by Marcus Krause

It has been discovered that the extension "JobControl" (dmmjobcontrol) is susceptible to Cross-Site Scripting and SQL Injection.

Tue. 2nd September, 2014

TYPO3-EXT-SA-2014-010: Several vulnerabilities in third party extensions

Advisory type: TYPO3 Extensions

Created by Marcus Krause

Several vulnerabilities have been found in the following third-party TYPO3 extensions: cwt_feedit, eu_ldap, flatmgr, jh_opengraphprotocol, ke_dompdf,…

Tue. 3rd June, 2014

TYPO3-EXT-SA-2014-009: Cross-Site Scripting in news

Advisory type: TYPO3 Extensions

Created by Georg Ringer

It has been discovered that the extension "News system" (news) is susceptible to Cross-Site Scripting

Tue. 27th May, 2014

TYPO3-EXT-SA-2014-008: Cross-Site Scripting in gridelements

Advisory type: TYPO3 Extensions

Created by Helmut Hummel

It has been discovered that the extension "Grid Elements" (gridelements) is susceptible to Cross-Site Scripting

Thu. 22nd May, 2014

TYPO3-EXT-SA-2014-007: Arbitrary code execution in extension "powermail" (powermail)

Advisory type: TYPO3 Extensions

Created by Nicole Cordes

It has been discovered that the extension "powermail" (powermail) is susceptible to arbitrary code execution and Cross-Site Scripting