Security Advisories
All Advisories
TYPO3-EXT-SA-2014-017: Improper Access Control in WebDav for filemounts (webdav)
It has been discovered that the extension "WebDav for filemounts" (webdav) is susceptible to Improper Access Control.
TYPO3-EXT-SA-2014-016: Cross-Site Scripting vulnerability in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Denial of Service and Arbitrary Shell Execution!
TYPO3-EXT-SA-2014-015: Information Disclosure vulnerability in Dynamic Content Elements (dce)
It has been discovered that the extension "Dynamic Content Elements" (dce) is susceptible to Information Disclosure.
TYPO3-EXT-SA-2014-014: Improper Access Control vulnerability in extension fal_sftp (fal_sftp)
It has been discovered that the extension "fal_sftp" (fal_sftp) is susceptible to Improper Access Control.
TYPO3-EXT-SA-2014-013: Denial of Service vulnerability in extension Calendar Base (cal)
It has been discovered that the extension "Calendar Base" (cal) is susceptible to Denial of Service.
TYPO3-EXT-SA-2014-011: Several vulnerabilities in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting and Cross-Site Request Forgery.
TYPO3-EXT-SA-2014-012: Several vulnerabilities in extension JobControl (dmmjobcontrol)
It has been discovered that the extension "JobControl" (dmmjobcontrol) is susceptible to Cross-Site Scripting and SQL Injection.
TYPO3-EXT-SA-2014-010: Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: cwt_feedit, eu_ldap, flatmgr, jh_opengraphprotocol, ke_dompdf,…
TYPO3-EXT-SA-2014-009: Cross-Site Scripting in news
It has been discovered that the extension "News system" (news) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2014-008: Cross-Site Scripting in gridelements
It has been discovered that the extension "Grid Elements" (gridelements) is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2014-001: Multiple Vulnerabilities in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication…
TYPO3-EXT-SA-2014-007: Arbitrary code execution in extension "powermail" (powermail)
It has been discovered that the extension "powermail" (powermail) is susceptible to arbitrary code execution and Cross-Site Scripting.
TYPO3-EXT-SA-2014-006: Captcha Bypass in extension "powermail" (powermail)
It has been discovered that the extension "powermail" (powermail) is susceptible to Captcha Bypass.
TYPO3-EXT-SA-2014-005: Access Bypass in extensions "Yet Another Gallery" (yag) and "Tools for Extbase development" (pt_extbase)
It has been discovered that the extensions "Yet Another Gallery" (yag) and "Tools for Extbase development" (pt_extbase) are susceptible to Access…
TYPO3-EXT-SA-2014-004: Mass Assignment in extension Direct Mail Subscription (direct_mail_subscription)
It has been discovered that the extension "Direct Mail Subscription" (direct_mail_subscription) is susceptible to Mass Assignment.
TYPO3-EXT-SA-2014-003: Insecure Unserialize in extension News (tt_news)
It has been discovered that the extension "News" (tt_news) is susceptible to Insecure Unserialize.
TYPO3-EXT-SA-2014-002: Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: alpha_sitemap, femanager, ke_stats, outstats, px_phpids, smarty,…
TYPO3-EXT-SA-2014-001: Several vulnerabilities in extension mm_forum (mm_forum)
It has been discovered that the extension "mm_forum" (mm_forum) is vulnerable to Arbitrary Code Execution, Cross-Site Scripting and Cross-Site Request…
TYPO3-PSA-2014-001: Cross-Site Request Forgery Protection in TYPO3 CMS 6.2
TYPO3 CMS 6.2 will get CSRF Protection throughout all modules and parts that manipulate data.