Security Advisories
TYPO3-EXT-SA-2015-003: Multiple vulnerabilities in Content Rating Extbase (content_rating_extbase)
It has been discovered that the extension "Content Rating Extbase" (content_rating_extbase) is susceptible to Cross-Site Scripting and SQL Injection.
TYPO3-EXT-SA-2015-002: Multiple vulnerabilities in Content Rating (content_rating)
It has been discovered that the extension "Content Rating" (content_rating) is susceptible to Cross-Site Scripting and SQL Injection.
TYPO3-EXT-SA-2015-001: Improper Authentication in LDAP / SSO Authentication (ig_ldap_sso_auth)
It has been discovered that the extension "LDAP / SSO Authentication" (ig_ldap_sso_auth) is susceptible to Improper Authentication.
TYPO3-EXT-SA-2014-021: Cross-Site Scripting vulnerability in wfGallery (wf_gallery)
It has been discovered that the extension "wfGallery" (wf_gallery) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2014-020: Multiple vulnerabilities in BibTex Publications (si_bibtex)
It has been discovered that the extension "BibTex Publications" (si_bibtex) is susceptible to Cross-Site Scripting and SQL Injection.
TYPO3-EXT-SA-2014-019: Multiple vulnerabilities in Drag Drop Mass Upload (ameos_dragndropupload)
It has been discovered that the extension "Drag Drop Mass Upload" (ameos_dragndropupload) is susceptible to Cross-Site Scripting, Cross-Site Request…
TYPO3-CORE-SA-2014-003: Link spoofing and cache poisoning vulnerabilities in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Link Spoofing and Cache Poisoning.
TYPO3-EXT-SA-2014-018: Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting, Denial of Service and Local File…
TYPO3-EXT-SA-2014-017: Improper Access Control in WebDav for filemounts (webdav)
It has been discovered that the extension "WebDav for filemounts" (webdav) is susceptible to Improper Access Control.
TYPO3-EXT-SA-2014-016: Cross-Site Scripting vulnerability in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Denial of Service and Arbitrary Shell Execution!
TYPO3-EXT-SA-2014-015: Information Disclosure vulnerability in Dynamic Content Elements (dce)
It has been discovered that the extension "Dynamic Content Elements" (dce) is susceptible to Information Disclosure.
TYPO3-EXT-SA-2014-014: Improper Access Control vulnerability in extension fal_sftp (fal_sftp)
It has been discovered that the extension "fal_sftp" (fal_sftp) is susceptible to Improper Access Control.
TYPO3-EXT-SA-2014-013: Denial of Service vulnerability in extension Calendar Base (cal)
It has been discovered that the extension "Calendar Base" (cal) is susceptible to Denial of Service.
TYPO3-EXT-SA-2014-011: Several vulnerabilities in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting and Cross-Site Request Forgery.
TYPO3-EXT-SA-2014-012: Several vulnerabilities in extension JobControl (dmmjobcontrol)
It has been discovered that the extension "JobControl" (dmmjobcontrol) is susceptible to Cross-Site Scripting and SQL Injection.
TYPO3-EXT-SA-2014-010: Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: cwt_feedit, eu_ldap, flatmgr, jh_opengraphprotocol, ke_dompdf,…
TYPO3-EXT-SA-2014-009: Cross-Site Scripting in news
It has been discovered that the extension "News system" (news) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2014-008: Cross-Site Scripting in gridelements
It has been discovered that the extension "Grid Elements" (gridelements) is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2014-001: Multiple Vulnerabilities in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication…