Security Advisories

TYPO3-20080701-2: Cross Site Scripting vulnerability in extension phpmyadmin

01.07.2008

It has been discovered that the extension phpmyadmin is susceptible to Cross Site Scripting (XSS) attacks.

TYPO3-20080701-1: TYPO3 Security Bulletin

01.07.2008

Several vulnerabilities have been found in TYPO3 third party extensions.

MULTIPLE-SECURITY-ISSUES-IN-THIRD-PARTY-TYPO3-EXTENSIONS: Multiple security issues in third party TYPO3 extensions

01.07.2008

A total of 15 third party extensions has been found insecure. Please follow the links in this news item, in order to see which extensions have has…

TYPO3-20080619-1: TYPO3 Security Bulletin

19.06.2008

Several vulnerabilities have been found in TYPO3 third party extensions.

SECURITY-BULLETIN-TYPO3-20080619-1-SEVERAL-VULNERABILITIES-HAVE-BEEN-FOUND-IN-TYPO3-THIRD-PARTY-EXTENSIONS: Security Bulletin TYPO3-20080619-1: Several vulnerabilities have been found in TYPO3 third party extensions

19.06.2008

Several vulnerabilities have been found in TYPO3 third party extensions.

SECURITY-BULLETIN-TYPO3-20080611-1-MULTIPLE-VULNERABILITIES-IN-TYPO3-CORE: Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core

11.06.2008

It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web…

TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core

11.06.2008

It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web…

TYPO3-20080527-2: SQL Injection in extension "Library for Frontend plugins" (sg_zfelib)

27.05.2008

It has been discovered that the extension "Library for Frontend plugins" (sg_zfelib) is susceptible to SQL Injections.

SECURITY-BULLETIN-TYPO3-20080527-2-SQL-INJECTION-IN-EXTENSION-LIBRARY-FOR-FRONTEND-PLUGINS-SG-ZFELIB: Security Bulletin TYPO3-20080527-2: SQL Injection in extension "Library for Frontend plugins" (sg_zfelib)

27.05.2008

It has been discovered that the extension "Library for Frontend plugins" (sg_zfelib) is susceptible to SQL Injections.

SECURITY-BULLETIN-TYPO3-20080527-1-CROSS-SITE-SCRIPTING-VULNERABILITY-IN-EXTENSION-KJ-IMAGE-LIGHTBOX-V2-KJ-IMAGELIGHTBOX2: Security Bulletin TYPO3-20080527-1: Cross Site Scripting vulnerability in extension "KJ: Image Lightbox v2" (kj_imagelightbox2)

27.05.2008

It has been discovered that the extension "KJ: Image Lightbox v2" (kj_imagelightbox2) is susceptible to Cross Site Scripting (XSS) attacks.

TYPO3-20080527-1: Cross Site Scripting vulnerability in extension "KJ: Image Lightbox v2" (kj_imagelightbox2)

27.05.2008

It has been discovered that the extension "KJ: Image Lightbox v2" (kj_imagelightbox2) is susceptible to Cross Site Scripting (XSS) attacks.

TYPO3-20080515-1: Multiple vulnerabilities in extension Frontend User Registration (sr_feuser_register)

15.05.2008

It has been discovered that the extension Frontend User Registration (sr_feuser_register) is susceptible to Cross Site Scripting (XSS) attacks and…

TYPO3-20080515-2: Multiple vulnerabilities in extension Frontend Filemanager (air_filemanager)

15.05.2008

It has been discovered that the extension Frontend Filemanager (air_filemanager) is susceptible to Cross Site Scripting (XSS) attacks and allows…

SECURITY-BULLETIN-TYPO3-20080515-2-MULTIPLE-VULNERABILITIES-IN-EXTENSION-FRONTEND-FILEMANAGER-AIR-FILEMANAGER: Security Bulletin TYPO3-20080515-2: Multiple vulnerabilities in extension Frontend Filemanager (air_filemanager)

15.05.2008

It has been discovered that the extension Frontend Filemanager (air_filemanager) is susceptible to Cross Site Scripting (XSS) attacks and allows…

SECURITY-BULLETIN-TYPO3-20080515-1-MULTIPLE-VULNERABILITIES-IN-EXTENSION-FRONTEND-USER-REGISTRATION-SR-FEUSER-REGISTER: Security Bulletin TYPO3-20080515-1: Multiple vulnerabilities in extension Frontend User Registration (sr_feuser_register)

15.05.2008

It has been discovered that the extension Frontend User Registration (sr_feuser_register) is susceptible to Cross Site Scripting (XSS) attacks and…

SECURITY-BULLETIN-TYPO3-20080513-4-MULTIPLE-VULNERABILITIES-IN-EXTENSION-STATISTICS-KE-STATS: Security Bulletin TYPO3-20080513-4: Multiple vulnerabilities in extension Statistics (ke_stats)

13.05.2008

It has been discovered that the extension Statistics (ke_stats) is vulnerable to Blind SQL Injection attacks. Also, a Cross Site Scripting issue has…

All Advisories

TYPO3-20080701-2: Cross Site Scripting vulnerability in extension phpmyadmin

TYPO3-20080701-1: TYPO3 Security Bulletin

MULTIPLE-SECURITY-ISSUES-IN-THIRD-PARTY-TYPO3-EXTENSIONS: Multiple security issues in third party TYPO3 extensions

TYPO3-20080619-1: TYPO3 Security Bulletin

SECURITY-BULLETIN-TYPO3-20080619-1-SEVERAL-VULNERABILITIES-HAVE-BEEN-FOUND-IN-TYPO3-THIRD-PARTY-EXTENSIONS: Security Bulletin TYPO3-20080619-1: Several vulnerabilities have been found in TYPO3 third party extensions

SECURITY-BULLETIN-TYPO3-20080611-1-MULTIPLE-VULNERABILITIES-IN-TYPO3-CORE: Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core

TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core

TYPO3-20080527-2: SQL Injection in extension "Library for Frontend plugins" (sg_zfelib)

SECURITY-BULLETIN-TYPO3-20080527-2-SQL-INJECTION-IN-EXTENSION-LIBRARY-FOR-FRONTEND-PLUGINS-SG-ZFELIB: Security Bulletin TYPO3-20080527-2: SQL Injection in extension "Library for Frontend plugins" (sg_zfelib)

SECURITY-BULLETIN-TYPO3-20080527-1-CROSS-SITE-SCRIPTING-VULNERABILITY-IN-EXTENSION-KJ-IMAGE-LIGHTBOX-V2-KJ-IMAGELIGHTBOX2: Security Bulletin TYPO3-20080527-1: Cross Site Scripting vulnerability in extension "KJ: Image Lightbox v2" (kj_imagelightbox2)

TYPO3-20080527-1: Cross Site Scripting vulnerability in extension "KJ: Image Lightbox v2" (kj_imagelightbox2)

TYPO3-20080515-1: Multiple vulnerabilities in extension Frontend User Registration (sr_feuser_register)

TYPO3-20080515-2: Multiple vulnerabilities in extension Frontend Filemanager (air_filemanager)

SECURITY-BULLETIN-TYPO3-20080515-2-MULTIPLE-VULNERABILITIES-IN-EXTENSION-FRONTEND-FILEMANAGER-AIR-FILEMANAGER: Security Bulletin TYPO3-20080515-2: Multiple vulnerabilities in extension Frontend Filemanager (air_filemanager)

SECURITY-BULLETIN-TYPO3-20080515-1-MULTIPLE-VULNERABILITIES-IN-EXTENSION-FRONTEND-USER-REGISTRATION-SR-FEUSER-REGISTER: Security Bulletin TYPO3-20080515-1: Multiple vulnerabilities in extension Frontend User Registration (sr_feuser_register)

TYPO3-20080513-4: Multiple vulnerabilities in extension Statistics (ke_stats)

TYPO3-20080513-3: Cross Site Scripting vulnerability in extension Event Database (rlmp_eventdb)

TYPO3-20080513-2: Cross Site Scripting vulnerability in extension Questionaire (pbsurvey)

TYPO3-20080513-1: Multiple vulnerabilities in extension WT Gallery (wt_gallery)

SECURITY-BULLETIN-TYPO3-20080513-4-MULTIPLE-VULNERABILITIES-IN-EXTENSION-STATISTICS-KE-STATS: Security Bulletin TYPO3-20080513-4: Multiple vulnerabilities in extension Statistics (ke_stats)