Security Advisories
All Advisories
TYPO3-CORE-SA-2015-002: Access bypass when editing file metadata
It has been discovered that editors could change, create or delete metadata of files without permission.
TYPO3-CORE-SA-2015-003: Frontend login Session Fixation
It has been discovered that TYPO3 is susceptible to session fixation.
TYPO3-CORE-SA-2015-004: Cross-Site Scripting in Link Handling & File List
It has been discovered that TYPO3 is vulnerable to Cross-Site Scripting.
TYPO3-CORE-SA-2015-005: Information Disclosure possibility exploitable by Editors
It has been discovered that editors could list all files and folders in the root directory of a TYPO3 installation.
TYPO3-CORE-SA-2015-006: Brute Force Protection Bypass in backend login
It has been discovered that the backend login brute force protection can be bypassed.
TYPO3-CORE-SA-2015-007: Cross-Site Scripting in 3rd party library Flowplayer
It has been discovered that the third-party component Flowplayer Flash is vulnerable to Cross-Site Scripting.
TYPO3-EXT-SA-2015-015: Cross-Site Scripting in extension "404 Page not found handling" (pagenotfoundhandling)
It has been discovered that the extension "404 Page not found handling" (pagenotfoundhandling) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2015-014: SQL Injection in extension "Akronymmanager" (sb_akronymmanager)
It has been discovered that the extension "Akronymmanager" (sb_akronymmanager) is susceptible to SQL Injection.
TYPO3-EXT-SA-2015-013: Arbitrary Code Execution in extension Job Fair (jobfair)
It has been discovered that the extension "Job Fair" (jobfair) is susceptible to Arbitrary Code Execution.
TYPO3-EXT-SA-2015-007: Cross-Site Scripting in extension BE User Log (beko_beuserlog)
It has been discovered that the extension "BE User Log" (beko_beuserlog) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2015-006: Arbitrary Code Execution in extension Frontend User Upload (feupload)
It has been discovered that the extension "Frontend User Upload" (feupload) is susceptible to Arbitrary Code Execution.
TYPO3-EXT-SA-2015-008: SQL Injection vulnerability in extension wt_directory (wt_directory)
It has been discovered that the extension "wt_directory" (wt_directory) is susceptible to SQL Injection.
TYPO3-EXT-SA-2015-009: SQL Injection vulnerability in extension Store Locator (locator)
It has been discovered that the extension "Store Locator" (locator) is susceptible to SQL Injection.
TYPO3-EXT-SA-2015-010: SQL Injection vulnerability in extension Smoelenboek (ncgov_smoelenboek)
It has been discovered that the extension "Smoelenboek" (ncgov_smoelenboek) is susceptible to SQL Injection.
TYPO3-EXT-SA-2015-011: SQL Injection vulnerability in extension Developer Log (devlog)
It has been discovered that the extension "Developer Log" (devlog) is susceptible to SQL Injection.
TYPO3-EXT-SA-2015-012: SQL Injection vulnerability in extension FAQ - Frequently Asked Questions (js_faq)
It has been discovered that the extension "FAQ - Frequently Asked Questions" (js_faq) is susceptible to SQL Injection.
TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5
It has been discovered that TYPO3 CMS 4.5.x is vulnerable to Authentication Bypass.
TYPO3-PSA-2015-001: Important Security-Bulletin Pre-Announcement
A TYPO3 4.5.40 release containing a security fix will be published the day after tomorrow, Thursday 19th of February at about 10:00 am CET.
TYPO3-EXT-SA-2015-005: Cross-Site Scripting in extension Gridelements (gridelements)
It has been discovered that the extension "gridelements" (gridelements) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2015-004: Information Disclosure in Direct Mail Subscription (direct_mail_subscription)
It has been discovered that the extension "Direct Mail Subscription" (direct_mail_subscription) is susceptible to Information Disclosure.