Security Advisories

TYPO3-EXT-SA-2015-013: Arbitrary Code Execution in extension Job Fair (jobfair)

15.06.2015

It has been discovered that the extension "Job Fair" (jobfair) is susceptible to Arbitrary Code Execution

TYPO3-EXT-SA-2015-007: Cross-Site Scripting in extension BE User Log (beko_beuserlog)

15.06.2015

It has been discovered that the extension "BE User Log" (beko_beuserlog) is susceptible to Cross-Site Scripting

TYPO3-EXT-SA-2015-006: Arbitrary Code Execution in extension Frontend User Upload (feupload)

15.06.2015

It has been discovered that the extension "Frontend User Upload" (feupload) is susceptible to Arbitrary Code Execution

TYPO3-EXT-SA-2015-008: SQL Injection vulnerability in extension wt_directory (wt_directory)

15.06.2015

It has been discovered that the extension "wt_directory" (wt_directory) is susceptible to SQL Injection

TYPO3-EXT-SA-2015-009: SQL Injection vulnerability in extension Store Locator (locator)

15.06.2015

It has been discovered that the extension "Store Locator" (locator) is susceptible to SQL Injection

TYPO3-EXT-SA-2015-010: SQL Injection vulnerability in extension Smoelenboek (ncgov_smoelenboek)

15.06.2015

It has been discovered that the extension "Smoelenboek" (ncgov_smoelenboek) is susceptible to SQL Injection

TYPO3-EXT-SA-2015-011: SQL Injection vulnerability in extension Developer Log (devlog)

15.06.2015

It has been discovered that the extension "Developer Log" (devlog) is susceptible to SQL Injection

TYPO3-EXT-SA-2015-012: SQL Injection vulnerability in extension FAQ - Frequently Asked Questions (js_faq)

15.06.2015

It has been discovered that the extension "FAQ - Frequently Asked Questions" (js_faq) is susceptible to SQL Injection

TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5

19.02.2015

It has been discovered that TYPO3 CMS 4.5.x is vulnerable to Authentication Bypass.

TYPO3-PSA-2015-001: Important Security-Bulletin Pre-Announcement

17.02.2015

A TYPO3 4.5.40 release containing a security fix will be published the day after tomorrow, Thursday 19th of February at about 10:00 am CET.

TYPO3-EXT-SA-2015-005: Cross-Site Scripting in extension Gridelements (gridelements)

17.02.2015

It has been discovered that the extension "gridelements" (gridelements) is susceptible to Cross-Site Scripting

TYPO3-EXT-SA-2015-004: Information Disclosure in Direct Mail Subscription (direct_mail_subscription)

16.01.2015

It has been discovered that the extension "Direct Mail Subscription" (direct_mail_subscription) is susceptible to Information Disclosure.

TYPO3-EXT-SA-2015-003: Multiple vulnerabilities in Content Rating Extbase (content_rating_extbase)

09.01.2015

It has been discovered that the extension "Content Rating Extbase" (content_rating_extbase) is susceptible to Cross-Site Scripting and SQL Injection.

TYPO3-EXT-SA-2015-002: Multiple vulnerabilities in Content Rating (content_rating)

09.01.2015

It has been discovered that the extension "Content Rating" (content_rating) is susceptible to Cross-Site Scripting and SQL Injection.

TYPO3-EXT-SA-2015-001: Improper Authentication in LDAP / SSO Authentication (ig_ldap_sso_auth)

08.01.2015

It has been discovered that the extension "LDAP / SSO Authentication" (ig_ldap_sso_auth) is susceptible to Improper Authentication.

TYPO3-EXT-SA-2014-021: Cross-Site Scripting vulnerability in wfGallery (wf_gallery)

15.12.2014

It has been discovered that the extension "wfGallery" (wf_gallery) is susceptible to Cross-Site Scripting.

TYPO3-EXT-SA-2014-020: Multiple vulnerabilities in BibTex Publications (si_bibtex)

15.12.2014

It has been discovered that the extension "BibTex Publications" (si_bibtex) is susceptible to Cross-Site Scripting and SQL Injection.

TYPO3-EXT-SA-2014-019: Multiple vulnerabilities in Drag Drop Mass Upload (ameos_dragndropupload)

15.12.2014

It has been discovered that the extension "Drag Drop Mass Upload" (ameos_dragndropupload) is susceptible to Cross-Site Scripting, Cross-Site Request…

TYPO3-CORE-SA-2014-003: Link spoofing and cache poisoning vulnerabilities in TYPO3 CMS

09.12.2014

It has been discovered that TYPO3 CMS is vulnerable to Link Spoofing and Cache Poisoning.

TYPO3-EXT-SA-2014-018: Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)

08.12.2014

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting, Denial of Service and Local File…

All Advisories