2 matches found
CVE-2008-2717
TYPO3 vulnerable versions: 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1. Root cause: an insufficiently restrictive default fileDenyPattern for Apache. Impact: remote attackers can bypass security restrictions and upload configuration files (e.g., .htaccess) or perform file uploa...
Debian DSA-1596-1 : typo3 - several vulnerabilities
Several remote vulnerabilities have been discovered in the TYPO3 content management framework. Because of a not sufficiently secure default value of the TYPO3 configuration variable fileDenyPattern, authenticated backend users could upload files that allowed to execute arbitrary code as the...