Security Advisories
All Advisories
SECURITY-ISSUE-FOUND-IN-TYPO3-CORE: Security issue found in TYPO3 core
It has been discovered that using the openid system extension in TYPO3 4.3.0 can lead to an authentication bypass under certain circumstances.
TYPO3-SA-2010-001: Vulnerability in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to authentication bypass.
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-1: Security issues in several third party TYPO3 extensions
Security vulnerabilities have been discovered in following third party TYPO3 extensions: MK-AnydropdownMenu (mk_anydropdownmenu), Photo Book…
TYPO3-SA-2009-021: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: MK-AnydropdownMenu (mk_anydropdownmenu), Photo Book…
TYPO3-SA-2009-020: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: Car (car), TYPO3 Watchdog (aba_watchdog), File list (dr_blob),…
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-CAR-ABA-WATCHDOG-DR-BLOB-NL-LISTMAN-XDS-STAFF-DANP-DOCUMENTDIRS-STE-PRAYER2-PD-RESOURCES-HS-RELIGIOUSARTGALLERY-STE-PARISH-ADMIN-PD-CALENDAR: Security issues in several third party TYPO3 extensions including car, aba_watchdog, dr_blob, nl_listman, xds_staff, danp_documentdirs, ste_prayer2, pd_resources, hs_religiousartgallery, ste_parish_admin, pd_calendar
Security vulnerabilities have been discovered in following third party TYPO3 extensions: Car (car), TYPO3 Watchdog (aba_watchdog), File list…
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-CAL-DIRECT-MAIL-AN-SEARCHIT-KK-DOWNLOADER-LT-BASETAG-MCHTRIPS-SIMPLE-GLOSSAR-TW-PRODUCTFINDER-WFQBE: Security issues in several third party TYPO3 extensions including cal, direct_mail, an_searchit, kk_downloader, lt_basetag, mchtrips, simple_glossar, tw_productfinder, wfqbe
Security vulnerabilities have been discovered in following third party TYPO3 extensions: "Calendar Base" (cal), "Direct Mail" (direct_mail), "[AN]…
TYPO3-SA-2009-019: Blind SQL Injection vulnerability in extension Calendar Base (cal)
It has been discovered that the extension Calendar Base (cal) is vulnerable to Blind SQL Injection.
TYPO3-SA-2009-018: Cross-Site Scripting vulnerability in extension Direct Mail (direct_mail)
It has been discovered that the extension Direct Mail (direct_mail) is vulnerable to XSS.
TYPO3-SA-2009-017: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: [AN] Search it! (an_searchit), Simple download-system with…
MULTIPLE-SECURITY-ISSUES-FOUND-IN-TYPO3-CORE-1: Multiple security issues found in TYPO3 core
It has been discovered that the TYPO3 Core is vulnerable to Cross-site scripting, SQL-Injection, Remote shell command execution, Information…
TYPO3-SA-2009-016: Multiple vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, SQL-Injection, Remote Command Execution, Information Disclosure and…
TYPO3-SA-2009-014: TYPO3 Security Bulletin
Several vulnerabilities have been found in the following third party TYPO3 extensions: Apache Solr Search (solr), Random Images (maag_randomimage),…
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-COMMERCE-AND-T3M: Security issues in several third party TYPO3 extensions including commerce and t3m
Several vulnerabilities have been found in the following third party TYPO3 extensions: "Commerce" (commerce), "T3M E-Mail Marketing Tool" (t3m),…
TYPO3-SA-2009-013: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: "AIRware Lexicon" (air_lexicon), "AST ZipCodeSearch"…
TYPO3-SA-2009-012: Blind SQL Injection vulnerability in extension T3M E-Mail Marketing Tool (t3m)
It has been discovered that the extension T3M E-Mail Marketing Tool (t3m) is vulnerable to Blind SQL Injection attacks.
TYPO3-SA-2009-011: Cross-Site Scripting vulnerability in extension Commerce (commerce)
It has been discovered that the extension Commerce (commerce) is vulnerable to Cross-Site Scripting attacks.
TYPO3-SA-2009-010: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: "CoolURI" (cooluri), "Reset backend password"…
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-COOLURI-CWT-RESETBEPASSWORD-DATAMINTS-NEWSTICKER-GB-FENEWSSUBMIT-MAILFORM-MYTH-DOWNLOAD-PM-TOUR-TWITTERSEARCH-WS-ECARD-WS-GALLERY: Security issues in several third party TYPO3 extensions including cooluri, cwt_resetbepassword, datamints_newsticker, gb_fenewssubmit, mailform, myth_download, pm_tour, twittersearch, ws_ecard, ws_gallery
Several vulnerabilities have been found in the following third party TYPO3 extensions: "CoolURI" (cooluri), "Reset backend password"…
TYPO3-SA-2009-009: Cross-Site Scripting vulnerability in extension Modern Guestbook / Commenting System (ve_guestbook)
It has been discovered that the extension Modern Guestbook / Commenting system (ve_guestbook) is vulnerable to Cross-Site Scripting.