Security Advisories
All Advisories
TYPO3-EXT-SA-2014-007: Arbitrary code execution in extension "powermail" (powermail)
It has been discovered that the extension "powermail" (powermail) is susceptible to arbitrary code execution and Cross-Site Scripting.
TYPO3-EXT-SA-2014-006: Captcha Bypass in extension "powermail" (powermail)
It has been discovered that the extension "powermail" (powermail) is susceptible to Captcha Bypass.
TYPO3-EXT-SA-2014-005: Access Bypass in extensions "Yet Another Gallery" (yag) and "Tools for Extbase development" (pt_extbase)
It has been discovered that the extensions "Yet Another Gallery" (yag) and "Tools for Extbase development" (pt_extbase) are susceptible to Access…
TYPO3-EXT-SA-2014-004: Mass Assignment in extension Direct Mail Subscription (direct_mail_subscription)
It has been discovered that the extension "Direct Mail Subscription" (direct_mail_subscription) is susceptible to Mass Assignment.
TYPO3-EXT-SA-2014-003: Insecure Unserialize in extension News (tt_news)
It has been discovered that the extension "News" (tt_news) is susceptible to Insecure Unserialize.
TYPO3-EXT-SA-2014-002: Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: alpha_sitemap, femanager, ke_stats, outstats, px_phpids, smarty,…
TYPO3-EXT-SA-2014-001: Several vulnerabilities in extension mm_forum (mm_forum)
It has been discovered that the extension "mm_forum" (mm_forum) is vulnerable to Arbitrary Code Execution, Cross-Site Scripting and Cross-Site Request…
TYPO3-PSA-2014-001: Cross-Site Request Forgery Protection in TYPO3 CMS 6.2
TYPO3 CMS 6.2 will get CSRF Protection throughout all modules and parts that manipulate data.
TYPO3-CORE-SA-2013-004: Multiple Vulnerabilities in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Information Disclosure, Mass Assignment, Open Redirection and Insecure…
TYPO3-EXT-SA-2013-018: Several vulnerabilities in extension AWStats (cc_awstats)
It has been discovered that the extension "AWStats" (cc_awstats) contains an unspecified vulnerability in the bundled AWStats version.
TYPO3-EXT-SA-2013-017: Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: booking, cronmm_ratsinfo, ics_awstats, iflowgallery,…
TYPO3-EXT-SA-2013-016: SQL Injection vulnerability in extension Formhandler (formhandler)
It has been discovered that the extension "Formhandler" (formhandler) is vulnerable to SQL Injection.
TYPO3-EXT-SA-2013-015: SQL Injection vulnerability in extension RealURL: speaking paths for TYPO3 (realurl)
It has been discovered that the extension "RealURL: speaking paths for TYPO3" (realurl) is vulnerable to SQL Injection.
TYPO3-EXT-SA-2013-014: Information Disclosure in extension Direct Mail (direct_mail)
It has been discovered that the extension "Direct Mail" (direct_mail) is susceptible to Information Disclosure.
TYPO3-EXT-SA-2013-009: Several vulnerabilities in extension Apache Solr for TYPO3 (solr)
It has been discovered that the extension "Apache Solr for TYPO3" (solr) is vulnerable to Cross-Site Scripting and Insecure Unserialize.
TYPO3-CORE-SA-2013-003: Incomplete Access Management and Remote Code Execution Vulnerability in TYPO3 Core
It has been discovered that TYPO3 Core has Incomplete Access Management and is vulnerable to Remote Code Execution.
TYPO3-EXT-SA-2013-013: Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: browser, ke_search, locator, realurlmanagement, wfqbe.
TYPO3-EXT-SA-2013-012: Several vulnerabilities in extension Formhandler (formhandler)
It has been discovered that the extension "Formhandler" (formhandler) is vulnerable to SQL Injection, Arbitrary Code Execution and Authentication…
TYPO3-EXT-SA-2013-011: Cross-Site Scripting vulnerability in extension Front End User Registration (sr_feuser_register)
It has been discovered that the extension "Front End User Registration" (sr_feuser_register) is vulnerable to Cross-Site Scripting.
TYPO3-CORE-SA-2013-002: Cross-Site Scripting and Remote Code Execution Vulnerability in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting and Remote Code Execution.