Security Advisories
All Advisories
PRE-ANNOUNCEMENT-FOR-IMPORTANT-SECURITY-UPDATE: Pre-announcement for important security update
Dear fellow TYPO3 enthusiast, we know you all are preparing for Christmas right now. We would therefore like to inform you in advance that you should…
SECURITY-BULLETIN-TYPO3-20061010-1-FE-ADMINLIBINC: Security Bulletin TYPO3-20061010-1: fe_adminLib.inc
A Cross-Site-Scripting (XSS) problem has been discovered in fe_adminLib.inc
TYPO3-20061010-1: Cross-Site Scripting in fe_adminLib.inc
A problem has been discovered with fe_adminLib.inc being vulnerable to Cross-Site Scripting (XSS)
TYPO3-20060911-1: Cross-Site Scripting vulnerability in Indexed Search
A problem has been discovered with indexed search being vulnerable to Cross-Site-Scripting (XSS)
SECURITY-BULLETIN-TYPO3-20060911-1-INDEXED-SEARCH: Security Bulletin TYPO3-20060911-1: indexed search
A Cross-Site-Scripting (XSS) problem has been discovered in indexed search.
SECURITY-BULLETIN-TYPO3-20060902-1-TIP-A-FRIEND: Security Bulletin TYPO3-20060902-1: tip-a-friend
A problem has been discovered with tip-a-friend being vulnerable to Cross-Site-Scripting (XSS)
TYPO3-20060902-1: tip-a-friend
A problem has been discovered with tip-a-friend being vulnerable to Cross-Site-Scripting (XSS)
TYPO3-20060512-1: TYPO3 Security Bulletin
Two problems (path traversal and SQL injection) have been discovered in the extension dam_downloads
SECURITY-BULLETIN-TYPO3-20060501-1-CHC-FORUM: Security Bulletin TYPO3-20060501-1: chc_forum
A weakness in the display of forum messages of chc_forum has been discovered that may be used to execute arbitrary SQL
TYPO3-20060501-1: TYPO3 Security Bulletin
A weakness in the display of forum messages of chc_forum has been discovered that may be used to execute arbitrary SQL
LAUNCH-OF-THE-NEW-EXTENSION-REPOSITORY: Launch of the new extension repository
After more than one year of hard work I am glad to announce the launch of TER2, our new extension repository. But that's not all: At the same time an…
SECURITY-BULLETINS-IMPORTANT-SECURITY-ENHANCEMENTS-IN-TYPO3-381: Security Bulletins: Important Security Enhancements in TYPO3 3.8.1
Multiple TYPO3 Security Bulletins have been issued, all of which are addressed by the release of TYPO3 3.8.1.
TYPO3-20051114-7: TYPO3 Security Bulletin
Situations are imaginable where sensitive information gets stored in the fileadmin/_temp_/ directory. If misconfigured in your web server, this…
TYPO3-20051114-6: TYPO3 Security Bulletin
Under special circumstances, setting config.baseURL (see typo3.org/documentation/document-library/doc_core_tsref/quot_CONFIG_quot/) to a numeric…
TYPO3-20051114-5: TYPO3 Security Bulletin
For convenience, the TYPO3 Install Tool provides a button that sets the "encryptionKey" to a random value. It has been observed that only parts of the…
TYPO3-20051114-4: TYPO3 Security Bulletin
In the past, a "Shift Reload" from the browser (AKA a GET request with the "no-cache" pragma set) cleared the TYPO3 cache of the requested page. This…
TYPO3-20051114-3: TYPO3 Security Bulletin
Various security issues have been reported for phpMyAdmin (see www.securityfocus.com/bid/15196 for details).
TYPO3-20051114-2: TYPO3 Security Bulletin
A Cross Site Scripting issue has been found in showpic.php.
TYPO3-20051114-1: TYPO3 Security Bulletin
The file editor functionality in the TYPO3 Install Tool (menu option "Edit files in typo3conf/") has an option that reads "Make backup copy". If set,…
SECURITY-BULLETINS-CHC-FORUM-TH-MAILFORMPLUS: Security Bulletins: chc_forum, th_mailformplus
Two security bulletins regarding the 3rd party extensions "CHC Forum" and "th_mailformplus" have been issued today. Fixed versions are available.