Security Advisories
All Advisories
Security Bulletin TYPO3-20061010-1: fe_adminLib.inc
A Cross-Site-Scripting (XSS) problem has been discovered in fe_adminLib.inc
Cross-Site Scripting in fe_adminLib.inc
A problem has been discovered with fe_adminLib.inc being vulnerable to Cross-Site Scripting (XSS)
Cross-Site Scripting vulnerability in Indexed Search
A problem has been discovered with indexed search being vulnerable to Cross-Site-Scripting (XSS)
Security Bulletin TYPO3-20060911-1: indexed search
A Cross-Site-Scripting (XSS) problem has been discovered in indexed search.
Security Bulletin TYPO3-20060902-1: tip-a-friend
A problem has been discovered with tip-a-friend being vulnerable to Cross-Site-Scripting (XSS)
tip-a-friend
A problem has been discovered with tip-a-friend being vulnerable to Cross-Site-Scripting (XSS)
TYPO3 Security Bulletin
Two problems (path traversal and SQL injection) have been discovered in the extension dam_downloads
Security Bulletin TYPO3-20060501-1: chc_forum
A weakness in the display of forum messages of chc_forum has been discovered that may be used to execute arbitrary SQL
TYPO3 Security Bulletin
A weakness in the display of forum messages of chc_forum has been discovered that may be used to execute arbitrary SQL
Launch of the new extension repository
After more than one year of hard work I am glad to announce the launch of TER2, our new extension repository. But that's not all: At the same time an…
Security Bulletins: Important Security Enhancements in TYPO3 3.8.1
Multiple TYPO3 Security Bulletins have been issued, all of which are addressed by the release of TYPO3 3.8.1.
TYPO3 Security Bulletin
Situations are imaginable where sensitive information gets stored in the fileadmin/_temp_/ directory. If misconfigured in your web server, this…
TYPO3 Security Bulletin
Under special circumstances, setting config.baseURL (see typo3.org/documentation/document-library/doc_core_tsref/quot_CONFIG_quot/ ) to a numeric…
TYPO3 Security Bulletin
For convenience, the TYPO3 Install Tool provides a button that sets the "encryptionKey" to a random value. It has been observed that only parts of the…
TYPO3 Security Bulletin
In the past, a "Shift Reload" from the browser (AKA a GET request with the "no-cache" pragma set) cleared the TYPO3 cache of the requested page. This…
TYPO3 Security Bulletin
Various security issues have been reported for PhpMyAdmin (see www.securityfocus.com/bid/15196 for details.)
TYPO3 Security Bulletin
A Cross Site Scripting issue has been found in showpic.php.
TYPO3 Security Bulletin
The file editor functionality in the TYPO3 Install Tool (menu option "Edit files in typo3conf/") has an option that reads "Make backup copy". If set,…
Security Bulletins: chc_forum, th_mailformplus
Two security bulletins regarding the 3rd party extensions "CHC Forum" and "th_mailformplus" have been issued today. Fixed versions are available.
th_mailformplus
A weakness in the form validation of th_mailformplus has been discovered that may be abused to inject additional recipients in mail forms.