Security Advisories
All Advisories
TYPO3-SECURITY-BULLETIN-TYPO3-20070608-1-SQL-INJECTION-IN-MACINA-BANNERS-RIC-ROTATION: TYPO3 Security Bulletin TYPO3-20070608-1: SQL injection in macina_banners / ric_rotation
It has been discovered that the extensions macina_banners and its descendant ric_rotation are exposed to an SQL injection issue because they fail to…
TYPO3-20070608-1: SQL injection in macina_banners / ric_rotation
It has been discovered that the extensions macina_banners and its descendant ric_rotation are exposed to an SQL injection issue because they fail to…
TYPO3-20070221-1: Email header injection
A problem has been discovered where the internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not…
TYPO3-SECURITY-BULLETIN-TYPO3-20070221-1-EMAIL-HEADER-INJECTION: TYPO3 Security Bulletin TYPO3-20070221-1: Email header injection
A problem has been discovered where the internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not…
TYPO3-20070919-1: Multiple vulnerabilities in extension mm_forum
It has been discovered that the extension mm_forum is vulnerable to multiple SQL Injection attacks and multiple XSS flaws alongside other…
TYPO3-20070124-1: Tip-a-friend - Header Injection
A header injection problem has been found in the extension tipafriend
TYPO3-SECURITY-BULLETIN-TYPO3-20061220-1-REMOTE-COMMAND-EXECUTION-IN-TYPO3: TYPO3 Security Bulletin TYPO3-20061220-1: Remote Command Execution in TYPO3
Component Type: System Extension (TYPO3 Versions 4.0-4.0.3, 4.1beta) Third Party Extension (TYPO3 Versions up to 3.8.1). Since TYPO3 Version 4.0 the…
TYPO3-20061220-1: Remote Command Execution
A critical problem has been discovered in plugin class.tx_rtehtmlarea_pi1.php that is used for spell-checking in the rtehtmlarea extension.
PRE-ANNOUNCEMENT-FOR-IMPORTANT-SECURITY-UPDATE: Pre-announcement for important security update
Dear fellow TYPO3 enthusiast, we know you all are preparing for Christmas right now. We would therefore like to inform you in advance that you should…
SECURITY-BULLETIN-TYPO3-20061010-1-FE-ADMINLIBINC: Security Bulletin TYPO3-20061010-1: fe_adminLib.inc
A Cross-Site-Scripting (XSS) problem has been discovered in fe_adminLib.inc
TYPO3-20061010-1: Cross-Site Scripting in fe_adminLib.inc
A problem has been discovered with fe_adminLib.inc being vulnerable to Cross-Site Scripting (XSS)
TYPO3-20060911-1: Cross-Site Scripting vulnerability in Indexed Search
A problem has been discovered with indexed search being vulnerable to Cross-Site-Scripting (XSS)
SECURITY-BULLETIN-TYPO3-20060911-1-INDEXED-SEARCH: Security Bulletin TYPO3-20060911-1: indexed search
A Cross-Site-Scripting (XSS) problem has been discovered in indexed search.
SECURITY-BULLETIN-TYPO3-20060902-1-TIP-A-FRIEND: Security Bulletin TYPO3-20060902-1: tip-a-friend
A problem has been discovered with tip-a-friend being vulnerable to Cross-Site-Scripting (XSS)
TYPO3-20060902-1: tip-a-friend
A problem has been discovered with tip-a-friend being vulnerable to Cross-Site-Scripting (XSS)
TYPO3-20060512-1: TYPO3 Security Bulletin
Two problems (path traversal and SQL injection) have been discovered in the extension dam_downloads
SECURITY-BULLETIN-TYPO3-20060501-1-CHC-FORUM: Security Bulletin TYPO3-20060501-1: chc_forum
A weakness in the display of forum messages of chc_forum has been discovered that may be used to execute arbitrary SQL
TYPO3-20060501-1: TYPO3 Security Bulletin
A weakness in the display of forum messages of chc_forum has been discovered that may be used to execute arbitrary SQL
LAUNCH-OF-THE-NEW-EXTENSION-REPOSITORY: Launch of the new extension repository
After more than one year of hard work I am glad to announce the launch of TER2, our new extension repository. But that's not all: At the same time an…
SECURITY-BULLETINS-IMPORTANT-SECURITY-ENHANCEMENTS-IN-TYPO3-381: Security Bulletins: Important Security Enhancements in TYPO3 3.8.1
Multiple TYPO3 Security Bulletins have been issued, all of which are addressed by the release of TYPO3 3.8.1.