Security Advisories
All Advisories
SECURITY-ISSUES-IN-THIRD-PARTY-TYPO3-EXTENSIONS-2: Security issues in third-party TYPO3 extensions
Security vulnerabilities have been discovered in third-party TYPO3 extensions: css_filelinks, terminal, beuserswitch, rtg_files, irfaq, skt_eurocalc,…
TYPO3-EXT-SA-2012-001: Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: css_filelinks, terminal, beuserswitch, rtg_files, irfaq,…
TYPO3-CORE-SA-2011-004: Remote Code Execution in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Remote Code Execution.
SECURITY-ISSUE-FOUND-IN-TYPO3-CORE-2: Security issue found in TYPO3 core
It has been discovered that missing request parameter validation could lead to Remote Code Execution. Please read the advisory for a description and…
IMPORTANT-SECURITY-BULLETIN-PRE-ANNOUNCEMENT-2: Important Security-Bulletin Pre-Announcement
The TYPO3 security team has identified a critical security issue in the TYPO3 v4 Core. The following branches are affected by the vulnerability: *…
SECURITY-ISSUES-IN-THIRD-PARTY-EXTENSIONS-PHPMYADMIN-PHPMYADMIN-AND-LDAP-EU-LDAP: Security issues in third party extensions "phpMyAdmin" (phpmyadmin) and "LDAP" (eu_ldap)
Vulnerabilities have been discovered in the third party TYPO3 extensions "phpMyAdmin" (phpmyadmin) and "LDAP" (eu_ldap) For further information on…
TYPO3-EXT-SA-2011-018: Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to Local file inclusion.
TYPO3-EXT-SA-2011-017: Authentication Bypass and Blind LDAP Injection in extension eu_ldap
It has been discovered that the extension eu_ladap is vulnerable to Authentication Bypass and Blind LDAP Injection
SECURITY-CODE-SPRINT-A-RECAP: Security Code Sprint - A recap
Security Team and Core Development Team Member met for a Code Sprint to improve TYPO3 Security From Oktober 14th to 16th, nine security enthusiasts…
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-BASIC-SEO-FEATURES-SEO-BASICS-AND-POWERMAIL-POWERMAIL: Security issues in several third party TYPO3 extensions including "Basic SEO Features" (seo_basics) and "powermail" (powermail)
Security vulnerabilities have been discovered in the third party TYPO3 extensions including: seo_basics, powermail, fe_whois,cag_tables,…
TYPO3-EXT-SA-2011-016: Remote Command Execution and Remote File Disclosure vulnerability in extension pdf_generator2
It has been discovered that the extension pdf_generator2 is vulnerable to Remote Code Execution and Remote File Disclosure
TYPO3-EXT-SA-2011-015: Remote File Disclosure and Cross-Site Scripting vulnerability in extensions pmkshadowbox and pmkslimbox
It has been discovered that the extensions pmkshadowbox and pmkslimbox are vulnerable to Remote File Disclosure and Cross-Site Scripting.
SECURITY-ISSUES-IN-THIRD-PARTY-EXTENSIONS-PDF-GENERATOR2-PMKSHADOWBOX-AND-PMKSLIMBOX: Security issues in third party extensions pdf_generator2, pmkshadowbox and pmkslimbox
Multiple security issues have been discovered in extensions pdf_generator2, pmkshadowbox and pmkslimbox For further information on the issues in…
SECURITY-ISSUES-IN-THIRD-PARTY-EXTENSION-PHPMYADMIN-PHPMYADMIN: Security issues in third party extension "phpMyAdmin" (phpmyadmin)
Multiple vulnerabilities have been discovered in the third party TYPO3 extension "phpMyAdmin" (phpmyadmin) For further information on the issues in…
TYPO3-EXT-SA-2011-014: Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to Cross-Site Scripting and Full Path Disclosure.
SECURITY-ISSUE-IN-THIRD-PARTY-EXTENSION-T3BLOG-T3BLOG: Security issue in third party extension "T3Blog" (t3blog)
A Cross-Site Scripting vulnerabilitiy has been discovered in the third party TYPO3 extension "T3Blog" (t3blog) For further information on the issue…
SECURITY-ISSUES-IN-THIRD-PARTY-TYPO3-EXTENSIONS-3: Security issues in third-party TYPO3 extensions
Security vulnerabilities have been discovered in third-party TYPO3 extensions: mm_hutinfo, np_indexed_search_stat, rzcolorbox, t3c_podcasts,…
TYPO3-EXT-SA-2011-012: Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: mm_hutinfo, np_indexed_search_stat, rzcolorbox, t3c_podcasts,…
TYPO3-EXT-SA-2011-013: Cross-Site scripting vulnerability in extension t3blog (t3blog)
It has been discovered that the extension "T3Blog" (t3blog) is vulnerable to Cross-Site Scripting.
SECURITY-ISSUES-IN-THIRD-PARTY-EXTENSION-PHPMYADMIN-PHPMYADMIN-1: Security issues in third party extension "phpMyAdmin" (phpmyadmin)
Multiple Cross-Site Scripting vulnerabilities have been discovered in the third party TYPO3 extension "phpMyAdmin" (phpmyadmin) For further…