Security Advisories
All Advisories
TYPO3-SA-2010-012: Multiple vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting (XSS), Open Redirection, SQL Injection, Broken Authentication and Session…
TYPO3-SA-2010-011: Vulnerabilitiy in extension 404 Error Page Handling (error_404_handling)
It has been discovered that the extension 404 Error Page Handling (error_404_handling) is susceptible to SQL Injection attacks.
TYPO3-SA-2010-010: Vulnerabilitiy in extension Tip-A-Friend (tipafriend)
It has been discovered that the extension Tip-A-Friend (tipafriend) is susceptible to Cross Site Scripting (XSS) attacks.
TYPO3-SA-2010-009: Vulnerabilitiy in extension Frontend User Registration (sr_feuser_register)
It has been discovered that the extension Frontend User Registration (sr_feuser_register) is susceptible to Cross Site Scripting (XSS) attacks.
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-FRONTEND-USER-REGISTRATION-SR-FEUSER-REGISTER-404-ERROR-PAGE-HANDLING-ERROR-404-HANDLING-AND-TIP-A-FRIEND-TIPAFRIEND: Security issues in several third party TYPO3 extensions including "Frontend User Registration" (sr_feuser_register), "404 Error Page Handling" (error_404_handling) and "Tip-A-Friend" (tipafriend)
Security vulnerabilities have been discovered in the third party TYPO3 extensions including sr_feuser_register, error_404_handling and tipafriend
SECURITY-ISSUE-FOUND-IN-TYPO3-CORE-1: Security Issue found in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Remote Command Execution.
TYPO3-SA-2010-008: Vulnerability in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Remote Command Execution.
IMPORTANT-SECURITY-BULLETIN-PRE-ANNOUNCEMENT-1: Important Security-Bulletin Pre-Announcement
The TYPO3 security team has identified a critical security issue in the TYPO3 core.
TYPO3-SA-2010-007: Cross-Site Scripting vulnerability in extension mm_forum (mm_forum)
It has been discovered that the extension mm_forum (mm_forum) is vulnerable to Cross-Site Scripting.
TYPO3-SA-2010-006: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: Brainstorming (brainstorming), Power Extension Manager…
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-MM-FORUM-MM-FORUM: Security issues in several third party TYPO3 extensions including "mm_forum" (mm_forum)
A security vulnerabilities has been discovered in the third party TYPO3 extensions including mm_forum, brainstorming, ch_lightem, chsellector,…
TYPO3-SA-2010-005: Blind SQL Injection vulnerability in extension Calendar Base (cal)
It has been discovered that the extension Calendar Base (cal) is vulnerable to Blind SQL Injection.
SECURITY-ISSUE-IN-THIRD-PARTY-TYPO3-EXTENSION-CALENDAR-BASE-CAL: Security issue in third party TYPO3 extension "Calendar Base" (cal)
A security vulnerabilitiy has been discovered in the third party TYPO3 extension "Calendar Base".
SECURITY-ISSUES-FOUND-IN-TYPO3-CORE: Security issues found in TYPO3 core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, Authentication Bypass for frontend users and Information Disclosure.
TYPO3-SA-2010-004: Vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, Authentication Bypass for frontend users and Information Disclosure.
SECURITY-ISSUES-IN-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-T3BLOG: Security issues in third party TYPO3 extensions including t3blog
Security vulnerabilities have been discovered in third party TYPO3 extensions t3blog, eventmanagement, game_articledb, ml_career, ml_surprisecalendar,…
SECURITY-ISSUES-IN-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-T3BLOG-COPY-1: Security issues in third party TYPO3 extensions including t3blog (copy 1)
Security vulnerabilities have been discovered in third party TYPO3 extensions t3blog, eventmanagement, game_articledb, ml_career, ml_surprisecalendar,…
SECURITY-ISSUES-IN-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-T3BLOG-COPY-2: Security issues in third party TYPO3 extensions including t3blog (copy 2)
Security vulnerabilities have been discovered in third party TYPO3 extensions t3blog, eventmanagement, game_articledb, ml_career, ml_surprisecalendar,…
TYPO3-SA-2010-003: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: Event Manager (eventmanagement), Game Article DB…
TYPO3-SA-2010-002: Multiple vulnerabilities in extension T3BLOG (t3blog)
It has been discovered that the extension T3BLOG (t3blog) is vulnerable to SQL Injection and Cross–Site Scripting.