Security Advisories
All Advisories
TYPO3-20060501-1: TYPO3 Security Bulletin
A weakness in the display of forum messages of chc_forum has been discovered that may be used to execute arbitrary SQL
LAUNCH-OF-THE-NEW-EXTENSION-REPOSITORY: Launch of the new extension repository
After more than one year of hard work I am glad to announce the launch of TER2, our new extension repository. But that's not all: At the same time an…
SECURITY-BULLETINS-IMPORTANT-SECURITY-ENHANCEMENTS-IN-TYPO3-381: Security Bulletins: Important Security Enhancements in TYPO3 3.8.1
Multiple TYPO3 Security Bulletins have been issued, all of which are addressed by the release of TYPO3 3.8.1.
TYPO3-20051114-7: TYPO3 Security Bulletin
Situations are imaginable where sensitive information gets stored in the fileadmin/_temp_/ directory. If misconfigured in your web server, this…
TYPO3-20051114-6: TYPO3 Security Bulletin
Under special circumstances, setting config.baseURL (see typo3.org/documentation/document-library/doc_core_tsref/quot_CONFIG_quot/) to a numeric…
TYPO3-20051114-5: TYPO3 Security Bulletin
For convenience, the TYPO3 Install Tool provides a button that sets the "encryptionKey" to a random value. It has been observed that only parts of the…
TYPO3-20051114-4: TYPO3 Security Bulletin
In the past, a "Shift Reload" from the browser (AKA a GET request with the "no-cache" pragma set) cleared the TYPO3 cache of the requested page. This…
TYPO3-20051114-3: TYPO3 Security Bulletin
Various security issues have been reported for PhpMyAdmin (see www.securityfocus.com/bid/15196 for details.)
TYPO3-20051114-2: TYPO3 Security Bulletin
A Cross Site Scripting issue has been found in showpic.php.
TYPO3-20051114-1: TYPO3 Security Bulletin
The file editor functionality in the TYPO3 Install Tool (menu option "Edit files in typo3conf/") has an option that reads "Make backup copy". If set,…
SECURITY-BULLETINS-CHC-FORUM-TH-MAILFORMPLUS: Security Bulletins: chc_forum, th_mailformplus
Two security bulletins regarding the 3rd party extensions "CHC Forum" and "th_mailformplus" have been issued today. Fixed versions are available.
TYPO3-20051107-2: th_mailformplus
A weakness in the form validation of th_mailformplus has been discovered that may be abused to inject additional recipients in mail forms.
TYPO3-20051107-1: chc_forum
A bug has been discovered in the "CHC Forum" (chc_forum) extension where some JavaScript expressions are not properly caught when entered in forms.…
SECURITY-BULLETIN-TYPO3-20051010-1-FE-NEWS: Security Bulletin TYPO3-20051010-1: fe_news
A bug has been discovered in the "Front End News Submitter" (fe_news) where SQL injection is not safely prevented. fe_rtenews is affected as well.
TYPO3-20051010-10: TYPO3 Security Bulletin
A bug has been discovered in the "Front End News Submitter" (fe_news) where SQL injection is not safely prevented and thus malicious SQL commands are…
TYPO3-20050822-1: TYPO3 Security Bulletin
A bug has been discovered in MOC filemanager (v. 0.7.1 and earlier): An offender may gain illegal read access to files on the server.
SECURITY-BULLETIN-TYPO3-20050822-1: Security Bulletin TYPO3-20050822-1
A bug has been discovered in MOC filemanager (v. 0.7.1 and earlier): An offender may gain illegal read access to files on the server.
SECURITY-BULLETIN-TYPO3-20050812-1: Security Bulletin TYPO3-20050812-1
Possible remote exploit with AWStats. The TYPO3 Security Team has issued a security bulletin which explains and fixes a possible problem with…
TYPO3-20050812-1: TYPO3 Security Bulletin
Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. Successful exploitation…
SECURITY-BULLETIN-TYPO3-20050725-1: Security Bulletin TYPO3-20050725-1
Possible Information leak. The TYPO3 Security Team has issued another security bulletin which explains and fixes a possible problem with a debug…