Security Bulletins

Several vulnerabilities in third party extensions

Authors: Helmut Hummel, Category: TYPO3 Extension August 29, 2011

Several vulnerabilities have been found in the following third-party TYPO3 extensions: MM DAM - FEFileList (mm_dam_filelist), Events (julle_events), WEC Staff Directory (wec_staffdirectory), TGM news (tgm_news), TGM media (tgm_media), TGM calendar module (tgm_cal), DAM Lightbox (damlightbox), ...


Multiple vulnerabilities in TYPO3 Core

Authors: Helmut Hummel, Category: TYPO3 CMS July 27, 2011

It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting (XSS), Information Disclosure, Authentication Delay Bypass, Unserialize() vulnerability, Missing Access Control.