Security Advisories
All Advisories
TYPO3-20070703-1: Multiple vulnerabilities in all variants of MySQLDumper
Multiple vulnerabilities have been found in the third party extension "mysqldumper". Full read/write access to the connected database and other…
TYPO3-SECURITY-BULLETIN-TYPO3-20070612-1-INFORMATION-DISCLOSURE-IN-W4X-BACKUP: TYPO3 Security Bulletin TYPO3-20070612-1: Information disclosure in w4x_backup
It has been discovered that the extension w4x_backup has several security-related issues, which may disclose confidential information.
TYPO3-20070612-1: Information disclosure in w4x_backup
It has been discovered that the extension w4x_backup has several security-related issues, which may disclose confidential information.
TYPO3-SECURITY-BULLETIN-TYPO3-20070608-1-SQL-INJECTION-IN-MACINA-BANNERS-RIC-ROTATION: TYPO3 Security Bulletin TYPO3-20070608-1: SQL injection in macina_banners / ric_rotation
It has been discovered that the extensions macina_banners and its descendant ric_rotation are exposed to an SQL injection issue because they fail to…
TYPO3-20070608-1: SQL injection in macina_banners / ric_rotation
It has been discovered that the extensions macina_banners and its descendant ric_rotation are exposed to an SQL injection issue because they fail to…
TYPO3-20070221-1: Email header injection
A problem has been discovered where the internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not…
TYPO3-SECURITY-BULLETIN-TYPO3-20070221-1-EMAIL-HEADER-INJECTION: TYPO3 Security Bulletin TYPO3-20070221-1: Email header injection
A problem has been discovered where the internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not…
TYPO3-20070919-1: Multiple vulnerabilities in extension mm_forum
It has been discovered that the extension mm_forum is vulnerable to multiple SQL Injection attacks and multiple XSS flaws alongside other…
TYPO3-20070124-1: Tip-a-friend - Header Injection
A header injection problem has been found in the extension tipafriend
TYPO3-SECURITY-BULLETIN-TYPO3-20061220-1-REMOTE-COMMAND-EXECUTION-IN-TYPO3: TYPO3 Security Bulletin TYPO3-20061220-1: Remote Command Execution in TYPO3
Component Type: System Extension (TYPO3 Versions 4.0-4.0.3, 4.1beta) Third Party Extension (TYPO3 Versions up to 3.8.1). Since TYPO3 Version 4.0 the…
TYPO3-20061220-1: Remote Command Execution
A critical problem has been discovered in plugin class.tx_rtehtmlarea_pi1.php that is used for spell-checking in the rtehtmlarea extension.
PRE-ANNOUNCEMENT-FOR-IMPORTANT-SECURITY-UPDATE: Pre-announcement for important security update
Dear fellow TYPO3 enthusiast, we know you all are preparing for Christmas right now. We would therefore like to inform you in advance that you should…
SECURITY-BULLETIN-TYPO3-20061010-1-FE-ADMINLIBINC: Security Bulletin TYPO3-20061010-1: fe_adminLib.inc
A Cross-Site-Scripting (XSS) problem has been discovered in fe_adminLib.inc
TYPO3-20061010-1: Cross-Site Scripting in fe_adminLib.inc
A problem has been discovered with fe_adminLib.inc being vulnerable to Cross-Site Scripting (XSS)
TYPO3-20060911-1: Cross-Site Scripting vulnerability in Indexed Search
A problem has been discovered with indexed search being vulnerable to Cross-Site-Scripting (XSS)
SECURITY-BULLETIN-TYPO3-20060911-1-INDEXED-SEARCH: Security Bulletin TYPO3-20060911-1: indexed search
A Cross-Site-Scripting (XSS) problem has been discovered in indexed search.
SECURITY-BULLETIN-TYPO3-20060902-1-TIP-A-FRIEND: Security Bulletin TYPO3-20060902-1: tip-a-friend
A problem has been discovered with tip-a-friend being vulnerable to Cross-Site-Scripting (XSS)
TYPO3-20060902-1: tip-a-friend
A problem has been discovered with tip-a-friend being vulnerable to Cross-Site-Scripting (XSS)
TYPO3-20060512-1: TYPO3 Security Bulletin
Two problems (path traversal and SQL injection) have been discovered in the extension dam_downloads
SECURITY-BULLETIN-TYPO3-20060501-1-CHC-FORUM: Security Bulletin TYPO3-20060501-1: chc_forum
A weakness in the display of forum messages of chc_forum has been discovered that may be used to execute arbitrary SQL