Security Advisories
All Advisories
Security Bulletin TYPO3-20080513-2: Cross Site Scripting vulnerability in extension Questionaire (pbsurvey)
It has been discovered that the extension Questionaire (pbsurvey) is susceptible to Cross Site Scripting (XSS) attacks.
Security Bulletin TYPO3-20080513-1: Multiple vulnerabilities in extension WT Gallery (wt_gallery)
It has been discovered that the extension WT Gallery (wt_gallery) is susceptible to Path Traversal and Cross Site Scripting (XSS) attacks. Besides…
Cross Site Scripting vulnerability in extension powermail
It has been discovered that the extension powermail is susceptible to Cross Site Scripting (XSS) attacks.
Multiple vulnerabilities in extension MailformPlus (th_mailformplus)
It has been discovered that the extension MailformPlus (th_mailformplus) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Code…
Security Bulletin TYPO3-20080505-2: Cross Site Scripting vulnerability in extension powermail
It has been discovered that the extension powermail is susceptible to Cross Site Scripting (XSS) attacks.
Security Bulletin TYPO3-20080505-1: Multiple vulnerabilities in extension MailformPlus (th_mailformplus)
It has been discovered that the extension MailformPlus (th_mailformplus) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Code…
Vulnerabilities in extensions in pmk_rssnewsexport and scm_rdfexport
It has been discovered that the extensions pmk_rssnewsexport and cm_rdfexport are vulnerable to SQL Injection attacks.
Multiple vulnerabilities in extension de_phpot
It has been discovered that the extension de_phpot is vulnerable to multiple SQL Injection flaws and other types of security issues.
Security Bulletin TYPO3-20080416-2: SQL Injections in extensions pmk_rssnewsexport and cm_rdfexport
It has been discovered that the extensions pmk_rssnewsexport and cm_rdfexport are vulnerable to SQL Injection attacks.
Security Bulletin TYPO3-20080416-1: Multiple vulnerabilities in extension de_phpot
It has been discovered that the extension de_phpot is vulnerable to multiple SQL Injection flaws and other types of security issues.
TYPO3 Security Bulletin 20071210-1: SQL Injection in system extension indexed_search
It has been discovered that the system extension indexed_search is vulnerable to a SQL Injection flaw.
SQL Injection in system extension indexed_search
It has been discovered that the system extension indexed_search is vulnerable to a SQL Injection flaw.
TYPO3 Security Bulletin 20070919-1: Multiple vulnerabilities in extension mm_forum
It has been discovered that the extension mm_forum is vulnerable to multiple SQL Injection attacks and multiple XSS flaws alongside other…
TYPO3 Security Bulletin 20070801-1: Multiple vulnerabilities in extension ve_guestbook
It has been discovered that the extension ve_guestbook is vulnerable to SQL Injection attacks. Also, a Cross Site Scripting issue has been detected.
Multiple vulnerabilities in extension ve_guestbook
It has been discovered that the extension ve_guestbook is vulnerable to SQL Injection attacks. Also, a Cross Site Scripting issue has been detected.
TYPO3 Security Bulletin 20070719-1: Remote shell command execution in extensions embedding PHPMailer
Multiple TYPO3 extensions is affected by the third party tool PHPMailer, which is vulnerable to a remote shell command execution.
Remote shell command execution in extensions embedding PHPMailer
Multiple TYPO3 extensions is affected by the third party tool PHPMailer, which is vulnerable to a remote shell command execution.
TYPO3 Security Bulletin TYPO3-20070716-2: Information Disclosure from Extension phpmyadmin
An information disclosure issue has been found in the phpmyadmin extension of TYPO3 that may give access to phpinfo() information in special cases.…
TYPO3 Security Bulletin 20070716-1: Cross Site Scripting vulnerability in faq
It has been discovered that the extension faq is susceptible to cross site scripting (XSS) attacks, making it possible to execute arbitrary…
Information Disclosure from phpmyadmin
An information disclosure issue has been found in the phpmyadmin extension of TYPO3 that may give access to phpinfo() information in special cases.…