Security Advisories
All Advisories
TYPO3-EXT-SA-2017-018: Multiple vulnerabilities in extension "DRC News Comment" (news_comment)
It has been discovered that the extension "DRC News Comment" (news_comment) is susceptible to Arbitrary Code Execution and Cross-Site Scripting.
TYPO3-EXT-SA-2017-017: Authentication Bypass in extension "Frontend User Registration" (sf_register)
It has been discovered that the extension "Frontend User Registration" (sf_register) is vulnerable to Authentication Bypass.
TYPO3-EXT-SA-2017-016: SQL Injection in extension "Download Center" (pits_downloadcenter)
It has been discovered that the extension "Download Center" (pits_downloadcenter) is susceptible to SQL Injection.
TYPO3-EXT-SA-2017-015: Cross Site-Scripting in extension "Smallads" (ke_smallads)
It has been discovered that the extension "Smallads" (ke_smallads) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2017-014: Cross Site-Scripting in extension "Multishop" (multishop)
It has been discovered that the extension "Multishop" (multishop) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2017-013: Cross Site-Scripting in extension "CAB FAL search" (falsearch)
It has been discovered that the extension "CAB FAL search" (falsearch) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2017-012: Arbitrary File Disclosure in extension "restler" (restler)
It has been discovered that the extension "restler" (restler) is susceptible to Arbitrary File Disclosure.
TYPO3-EXT-SA-2017-011: Cross Site-Scripting in extension "Formhandler" (formhandler)
It has been discovered that the extension "Formhandler" (formhandler) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2017-010: Cross Site-Scripting in extension "Recommend page" (pb_recommend_page)
It has been discovered that the extension "Recommend page" (pb_recommend_page) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2017-009: Cross Site-Scripting in extension "T3Blog Extbase" (t3extblog)
It has been discovered that the extension "T3Blog Extbase" (t3extblog) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2017-008: Multiple vulnerabilities in extension "File manager" (ameos_filemanager)
It has been discovered that the extension "File manager" (ameos_filemanager) is susceptible to Remote Code Execution, SQL Injection and Information…
TYPO3-PSA-2017-001: Privilege Escalation in Extension Repository (TER)
It has been discovered that the TYPO3 Extension Repository (TER) is vulnerable to privilege escalation.
TYPO3-CORE-SA-2017-007: Arbitrary Code Execution in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Arbitrary Code Execution.
TYPO3-CORE-SA-2017-005: Information Disclosure in TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to Information Disclosure.
TYPO3-CORE-SA-2017-006: Information Disclosure in TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to Information Disclosure.
TYPO3-CORE-SA-2017-004: Cross-Site Scripting in TYPO3 CMS Backend
It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting.
TYPO3-EXT-SA-2017-003: SQL Injection in extension "Faceted Search" (ke_search)
It has been discovered that the extension "Faceted Search" (ke_search) is susceptible to SQL Injection.
TYPO3-EXT-SA-2017-004: Remote Code Execution in extension "Maag Sendmail" (maag_sendmail)
It has been discovered that the extension "Maag Sendmail" (maag_sendmail) is susceptible to Remote Code Execution.
TYPO3-EXT-SA-2017-005: Remote Code Execution in extension "AH Sendmail" (ah_sendmail)
It has been discovered that the extension "AH Sendmail" (ah_sendmail) is susceptible to Remote Code Execution.
TYPO3-EXT-SA-2017-006: Remote Code Execution in extension "PHPMailer" (bb_phpmailer)
It has been discovered that the extension "PHPMailer" (bb_phpmailer) is susceptible to Remote Code Execution.