Security Advisories
All Advisories
TYPO3-EXT-SA-2016-033: Unvalidated Redirect in extension "TC Directmail" (tcdirectmail)
It has been discovered that the extension "TC Directmail" (tcdirectmail) is susceptible to Unvalidated Redirect.
TYPO3-EXT-SA-2016-032: SQL Injection in extension "Member Infosheets" (if_membersheet)
It has been discovered that the extension "Member Infosheets" (if_membersheet) is susceptible to SQL Injection.
TYPO3-EXT-SA-2016-031: Cross-Site Scripting in extension "Secure Download Form" (rs_securedownload)
It has been discovered that the extension "Secure Download Form" (rs_securedownload) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2016-030: SQL Injection in extension "Shibboleth Authentication" (shibboleth_auth)
It has been discovered that the extension "Shibboleth Authentication" (shibboleth_auth) is susceptible to SQL Injection.
TYPO3-EXT-SA-2016-029: Insecure Unserialize and SQL Injection in extension "Code Highlighter" (mh_code_highlighter)
It has been discovered that the extension "Code Highlighter" (mh_code_highlighter) is susceptible to Insecure Unserialize and SQL Injection.
TYPO3-EXT-SA-2016-028: Cross-Site Scripting in extension "Store Locator" (locator)
It has been discovered that the extension "Store Locator" (locator) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2016-027: Cross-Site Scripting in extension "HTML5 Video Player" (html5videoplayer)
It has been discovered that the extension "HTML5 Video Player" (html5videoplayer) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2016-026: Multiple vulnerabilities in extension "TC Directmail" (tcdirectmail)
It has been discovered that the extension "TC Directmail" (tcdirectmail) is susceptible to Cross-Site Scripting and SQL Injection.
TYPO3-EXT-SA-2016-025: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) has multiple vulnerabilities.
TYPO3-EXT-SA-2016-024: SQL Injection in extension "Events" (jp_events)
It has been discovered that the extension "Events" (jp_events) is susceptible to SQL Injection.
TYPO3-EXT-SA-2016-023: SQL Injection in extension "GN Tactics Planner" (sf_gntactics)
It has been discovered that the extension "GN Tactics Planner" (sf_gntactics) is susceptible to SQL Injection.
TYPO3-CORE-SA-2016-022: Cache Flooding in TYPO3 Frontend
It has been discovered that TYPO3 is vulnerable to Cache Flooding.
TYPO3-CORE-SA-2016-021: Cross-Site Scripting in TYPO3 Backend
It has been discovered that TYPO3 is vulnerable to Cross-Site Scripting.
TYPO3-EXT-SA-2016-022: Arbitrary Code Execution in extension "Frontend User Registration" (sf_register)
Release Date: September 12, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected…
TYPO3-EXT-SA-2016-021: Denial of Service in extension "Speaking URLs for TYPO3" (realurl)
It has been discovered that the extension "Speaking URLs for TYPO3" (realurl) is susceptible to Denial of Service.
TYPO3-CORE-SA-2016-020: Cross-Site Scripting in third party library mso/idna-convert
It has been discovered that TYPO3 ships example code of the mso/idna-convert library that is vulnerable to Cross-Site Scripting.
TYPO3-CORE-SA-2016-019: Environment Variable Injection
It has been discovered that PHP exposes the risk of Environment Variable Injection and TYPO3 is vulnerable through third party library…
TYPO3-CORE-SA-2016-018: Cross-Site Scripting vulnerability in typolinks
It has been discovered that TYPO3 is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2016-017: Information Disclosure in TYPO3 Backend
It has been discovered that TYPO3 is susceptible to Information Disclosure.
TYPO3-CORE-SA-2016-016: SQL Injection in TYPO3 Frontend Login
It has been discovered that TYPO3 is susceptible to SQL Injection.