Security Advisories
All Advisories
TYPO3-20070716-2: Information Disclosure from phpmyadmin
An information disclosure issue has been found in the phpmyadmin extension of TYPO3 that may give access to phpinfo() information in special cases.…
TYPO3-20070716-1: Cross Site Scripting vulnerability in faq
It has been discovered that the extension faq is susceptible to cross site scripting (XSS) attacks, making it possible to execute arbitrary…
TYPO3-SECURITY-BULLETIN-TYPO3-20070712-1-MULTIPLE-VULNERABILITIES-IN-CIVSERV: TYPO3 Security Bulletin TYPO3-20070712-1: Multiple vulnerabilities in civserv
Multiple vulnerabilities have been found. Incorrect handling of input from GET/POST-variables, and allowing an attacker to execute XSS and/or SQL…
TYPO3-20070712-1: Multiple vulnerabilities in civserv
Multiple vulnerabilities have been found in the extension civserv: Incorrect handling of input from GET/POST-variables, and allowing an attacker to…
TYPO3-SECURITY-BULLETIN-TYPO3-20070710-1-SQL-INJECTION-IN-FECHANGEPASSWORD: TYPO3 Security Bulletin TYPO3-20070710-1: SQL Injection in fechangepassword
It has been discovered that the extension fechangepassword is open to SQL injection when updating the password.
TYPO3-20070710-1: SQL Injection in fechangepassword
It has been discovered that the extension fechangepassword is open to SQL injection when updating the password.
TYPO3-SECURITY-BULLETIN-TYPO3-20070709-1-INCORRECT-AUTHENTICATION-IN-FTPBROWSER: TYPO3 Security Bulletin TYPO3-20070709-1: Incorrect authentication in ftpbrowser
It has been discovered that the extension ftpbrowser performs incorrect authentication in some files, leaving it open to exploitation.
TYPO3-20070709-1: Incorrect authentication
It has been discovered that the extension ftpbrowser performs incorrect authentication in some files, leaving it open to exploitation.
TYPO3-SECURITY-BULLETIN-TYPO3-20070703-1-MULTIPLE-VULNERABILITIES-IN-ALL-VARIANTS-OF-MYSQLDUMPER: TYPO3 Security Bulletin TYPO3-20070703-1: Multiple vulnerabilities in all variants of MySQLDumper
Multiple vulnerabilities have been found in the third party extension "mysqldumper". Full read/write access to the connected database and other…
TYPO3-20070703-1: Multiple vulnerabilities in all variants of MySQLDumper
Multiple vulnerabilities have been found in the third party extension "mysqldumper". Full read/write access to the connected database and other…
TYPO3-SECURITY-BULLETIN-TYPO3-20070612-1-INFORMATION-DISCLOSURE-IN-W4X-BACKUP: TYPO3 Security Bulletin TYPO3-20070612-1: Information disclosure in w4x_backup
It has been discovered that the extension w4x_backup has several security-related issues, which may disclose confidential information.
TYPO3-20070612-1: Information disclosure in w4x_backup
It has been discovered that the extension w4x_backup has several security-related issues, which may disclose confidential information.
TYPO3-SECURITY-BULLETIN-TYPO3-20070608-1-SQL-INJECTION-IN-MACINA-BANNERS-RIC-ROTATION: TYPO3 Security Bulletin TYPO3-20070608-1: SQL injection in macina_banners / ric_rotation
It has been discovered that the extensions macina_banners and its descendant ric_rotation are exposed to an SQL injection issue because they fail to…
TYPO3-20070608-1: SQL injection in macina_banners / ric_rotation
It has been discovered that the extensions macina_banners and its descendant ric_rotation are exposed to an SQL injection issue because they fail to…
TYPO3-20070221-1: Email header injection
A problem has been discovered where the internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not…
TYPO3-SECURITY-BULLETIN-TYPO3-20070221-1-EMAIL-HEADER-INJECTION: TYPO3 Security Bulletin TYPO3-20070221-1: Email header injection
A problem has been discovered where the internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not…
TYPO3-20070919-1: Multiple vulnerabilities in extension mm_forum
It has been discovered that the extension mm_forum is vulnerable to multiple SQL Injection attacks and multiple XSS flaws alongside other…
TYPO3-20070124-1: Tip-a-friend - Header Injection
A header injection problem has been found in the extension tipafriend.
TYPO3-SECURITY-BULLETIN-TYPO3-20061220-1-REMOTE-COMMAND-EXECUTION-IN-TYPO3: TYPO3 Security Bulletin TYPO3-20061220-1: Remote Command Execution in TYPO3
Component Type: System Extension (TYPO3 Versions 4.0-4.0.3, 4.1beta) Third Party Extension (TYPO3 Versions up to 3.8.1). Since TYPO3 Version 4.0 the…
TYPO3-20061220-1: Remote Command Execution
A critical problem has been discovered in plugin class.tx_rtehtmlarea_pi1.php that is used for spell-checking in the rtehtmlarea extension.