Security Advisories
All Advisories
UPDATE-ON-RECENT-TYPO3ORG-ISSUE: Update on recent typo3.org issue
Dear user of typo3.org, after a while of (almost) non-stop activity by members of the security team as well as the core team and the folks from…
IMPORTANT-SECURITY-WARNING: Important security warning
This is an important security warning. An unauthorized person has gained administrative access to the typo3.org website. The offender had access to…
TYPO3-20081113-2: Cross-Site Scripting vulnerability in TYPO3 Core
It has been discovered that the frontend plugin of system extension "felogin" is vulnerable to Cross-Site Scripting (XSS).
TYPO3-20081113-1: Cross-Site Scripting vulnerability in TYPO3 Core
It has been discovered that the backend module "file" is vulnerable to Cross-Site Scripting (XSS).
CROSS-SITE-SCRIPTING-VULNERABILITIES-IN-TYPO3-CORE: Cross Site Scripting vulnerabilities in TYPO3 core
It has been discovered that TYPO3 core is susceptible to two Cross Site Scripting (XSS) issues. The frontend plugin of system extension "felogin" and…
TYPO3-20081110-2: TYPO3 Security Bulletin
Several vulnerabilities have been found in the following third party TYPO3 extensions: "advcalendar" (advCalendar), "CMS Poll system" (cms_poll),…
TYPO3-20081110-1: TYPO3 Security Bulletin
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to Cross-Site Scripting.
SECURITY-ISSUES-IN-TYPO3-EXTENSION-PHPMYADMIN-AND-SEVERAL-OTHER-THIRD-PARTY-EXTENSIONS: Security issues in TYPO3 extension phpMyAdmin and several other third party extensions
Security issues have been discovered in the following third party TYPO3 extensions: "phpMyAdmin" (phpmyadmin), "advCalendar" (advcalendar), "CMS Poll…
TYPO3-20081020-2: SQL Injection in extension Commerce (commerce)
It has been discovered that the extension Commerce (commerce) is vulnerable to SQL Injection attacks.
TYPO3-20081020-1: TYPO3 Security Bulletin
Several vulnerabilities have been found in the following third party TYPO3 extensions: JobControl (dmmjobcontrol), Econda Plugin (econda), Frontend…
SECURITY-ISSUES-IN-TYPO3-EXTENSION-COMMERCE-AND-SEVERAL-OTHER-THIRD-PARTY-EXTENSIONS: Security issues in TYPO3 extension Commerce and several other third party extensions
Security issues have been discovered in the following third party TYPO3 extensions: Commerce (commerce), JobControl (dmmjobcontrol), Econda Plugin…
TYPO3-20080924-2: TYPO3 Security Bulletin
It has been discovered that the extension freeCap CAPTCHA (sr_freecap) is vulnerable to Cross-Site Scripting.
TYPO3-20080924-1: TYPO3 Security Bulletin
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to Cross-Site Scripting.
TWO-THIRD-PARTY-TYPO3-EXTENSIONS-FOUND-INSECURE: Two third party TYPO3 extensions found insecure
The extensions phpMyAdmin (phpmyadmin) and freeCap CAPTCHA (sr_freecap) have been found insecure.
TYPO3-20080919-1: TYPO3 Security Bulletin
Several vulnerabilities have been found in TYPO3 third party extensions.
SECURITY-BULLETIN-TYPO3-20080919-1-MULTIPLE-THIRD-PARTY-EXTENSIONS-FOUND-INSECURE: Security Bulletin TYPO3-20080919-1: Multiple third party extensions found insecure
A total of 11 third party extensions have been found insecure. Please follow the links in this news item, in order to see which extensions have has…
SECURITY-BULLETIN-TYPO3-20080916-1-CODE-EXECUTION-VULNERABILITY-IN-EXTENSION-PHPMYADMIN-1: Security Bulletin TYPO3-20080916-1: Code execution vulnerability in extension phpMyAdmin
It has been discovered that the extension phpMyAdmin (phpmyadmin) is open for code execution.
TYPO3-20080916-1: TYPO3 Security Bulletin
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to Code Execution.
TYPO3-20080701-4: Multiple vulnerabilities in extension WEC Discussion Forum (wec_discussion)
It has been discovered that the extension WEC Discussion Forum (wec_discussion) is open to multiple security issues.
TYPO3-20080701-3: Multiple vulnerabilities in extension Send-A-Card (sr_sendcard)
It has been discovered that the extension Send-A-Card (sr_sendcard) is open to multiple security issues.