TYPO3-20051107-1: chc_forum

Authors: Ekkehard Gümbel, Category: TYPO3 Extension, Date: November 07, 2005

A bug has been discovered in the "CHC Forum" (chc_forum) extension where some JavaScript expressions are not properly caught when entered in forms. Thus, specially crafted entries may be used to inject malicious code.

Details

TYPO3-20051010-10: TYPO3 Security Bulletin

Authors: Ekkehard Gümbel, Category: TYPO3 Extension, Date: October 10, 2005

A bug has been discovered in the "Front End News Submitter" (fe_news) extension where SQL injection is not safely prevented, so malicious SQL commands are potentially possible. Since the RTE-enabled version (fe_rtenews) is derived from fe_news, it is affected as well.

Details

TYPO3-20050812-1: TYPO3 Security Bulletin

Authors: Karsten Dambekalns, Category: TYPO3 Extension, Date: August 12, 2005

Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. Successful exploitation results in the execution of arbitrary commands with the permissions of the web service. This may compromise systems using extensions that provide AWStats.

Details

TYPO3-20050307-1: TYPO3 Security Bulletin

Authors: Ekkehard Gümbel, Category: TYPO3 CMS, Date: March 07, 2005

Unless the default encryption key settings have been changed by the administrator, the TYPO3 mailform can be compromised to send mail to the wrong recipient. Thus, spam mails may be sent from a remote site.

Details