Security Advisories
All Advisories
SECURITY-ISSUES-FOUND-IN-TYPO3-CORE-1: Security issues found in TYPO3 core
It has been discovered that the TYPO3 Core is vulnerable to Cross-Site Scripting, Insecure Unserialize and Information Disclosure. Please read the…
TYPO3-EXT-SA-2012-006: Cross-Site Scripting vulnerability in extension Basic SEO Features (seo_basics)
It has been discovered that the extension "Basic SEO Features" (seo_basics) is vulnerable to Cross-Site Scripting
TYPO3-EXT-SA-2012-005: Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: fe_whois, cag_tables, additional_reports, general_data_display,…
TYPO3-EXT-SA-2012-004: Cross-Site Scripting vulnerability in extension powermail for TYPO3 (powermail)
It has been discovered that the extension "powermail" (powermail) is vulnerable to Cross-Site Scripting
TYPO3-CORE-SA-2012-001: Several Vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, Information Disclosure, Insecure Unserialize
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-FRONTEND-USER-REGISTRATION-SR-FEUSER-REGISTER: Security issues in several third party TYPO3 extensions including "Frontend User Registration" (sr_feuser_register)
Security vulnerabilities have been discovered in third party TYPO3 extensions including: sr_feuser_register, tkcropthumbs, t3extplorer,…
TYPO3-EXT-SA-2012-003: Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: tkcropthumbs, t3extplorer, tc_beuser, an_predigten, solr,…
TYPO3-EXT-SA-2012-002: Information disclosure vulnerabilities in extension "Front End User Registration" (sr_feuser_register)
It has been discovered that the extension "Front End User Registration" (sr_feuser_register) is vulnerable to information disclosure
SECURITY-ISSUES-IN-THIRD-PARTY-TYPO3-EXTENSIONS-2: Security issues in third-party TYPO3 extensions
Security vulnerabilities have been discovered in third-party TYPO3 extensions: css_filelinks, terminal, beuserswitch, rtg_files, irfaq, skt_eurocalc,…
TYPO3-EXT-SA-2012-001: Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: css_filelinks, terminal, beuserswitch, rtg_files, irfaq,…
TYPO3-CORE-SA-2011-004: Remote Code Execution in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Remote Code Execution.
SECURITY-ISSUE-FOUND-IN-TYPO3-CORE-2: Security issue found in TYPO3 core
It has been discovered that missing request parameter validation could lead to Remote Code Execution. Please read the advisory for a description and…
IMPORTANT-SECURITY-BULLETIN-PRE-ANNOUNCEMENT-2: Important Security-Bulletin Pre-Announcement
The TYPO3 security team has identified a critical security issue in the TYPO3 v4 Core. The following branches are affected by the vulnerability: *…
SECURITY-ISSUES-IN-THIRD-PARTY-EXTENSIONS-PHPMYADMIN-PHPMYADMIN-AND-LDAP-EU-LDAP: Security issues in third party extensions "phpMyAdmin" (phpmyadmin) and "LDAP" (eu_ldap)
Vulnerabilities have been discovered in the third party TYPO3 extensions "phpMyAdmin" (phpmyadmin) and "LDAP" (eu_ldap). For further information on…
TYPO3-EXT-SA-2011-018: Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to Local file inclusion.
TYPO3-EXT-SA-2011-017: Authentication Bypass and Blind LDAP Injection in extension eu_ldap
It has been discovered that the extension eu_ldap is vulnerable to Authentication Bypass and Blind LDAP Injection.
SECURITY-CODE-SPRINT-A-RECAP: Security Code Sprint - A recap
Security Team and Core Development Team members met for a Code Sprint to improve TYPO3 security. From October 14th to 16th, nine security enthusiasts…
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-BASIC-SEO-FEATURES-SEO-BASICS-AND-POWERMAIL-POWERMAIL: Security issues in several third party TYPO3 extensions including "Basic SEO Features" (seo_basics) and "powermail" (powermail)
Security vulnerabilities have been discovered in third party TYPO3 extensions including: seo_basics, powermail, fe_whois, cag_tables,…
TYPO3-EXT-SA-2011-016: Remote Command Execution and Remote File Disclosure vulnerability in extension pdf_generator2
It has been discovered that the extension pdf_generator2 is vulnerable to Remote Code Execution and Remote File Disclosure
TYPO3-EXT-SA-2011-015: Remote File Disclosure and Cross-Site Scripting vulnerability in extensions pmkshadowbox and pmkslimbox
It has been discovered that the extensions pmkshadowbox and pmkslimbox are vulnerable to Remote File Disclosure and Cross-Site Scripting.