Tip-a-friend - Header Injection
A header injection problem has been found in the extension tipafriend Component Type: Third party extension. The extension is not part of the TYPO3 default installation Affected Versions: 1.2.2 and earlier Vulnerability Type: Header Injection Severity: HIGH Problem Description: A problem has been...
Remote Command Execution
A critical problem has been discovered in plugin class.tx_rtehtmlarea_pi1.php that is used for spell-checking in the rtehtmlarea extension. Component Type: System Extension TYPO3 Versions 4.0-4.0.3, 4.1beta Third Party Extension TYPO3 Versions up to 3.8.1. Since TYPO3 Version 4.0 the extension is...
thumbs.php
A problem has been discovered with thumbs.php providing access to unwanted files Component Type: TYPO3 Core Affected Versions: ALL Vulnerability Type: Image Access Severity: minor Problem Description: TYPO3 uses a script t3lib/thumbs.php to display thumbnails of images and/or PDF documents. It ha...
Cross-Site Scripting in fe_adminLib.inc
A problem has been discovered with fe_adminLib.inc being vulnerable to Cross-Site Scripting XSS Component Type: TYPO3 Core Affected Versions: TYPO3 4.0.3 IMPORTANT: customized versions still need manual correction Vulnerability Type: Cross Site Scripting XSS Severity: minor Problem Description: The...
Cross-Site Scripting vulnerability in Indexed Search
A problem has been discovered with indexed search being vulnerable to Cross-Site-Scripting XSS Component Type: System Extension This Extension is Part of the TYPO3 default installation Affected Components: Indexed Search Versions: 2.9.0 under TYPO3 4.x Vulnerability Type: Cross Site Scripting...
tip-a-friend
A problem has been discovered with tip-a-friend being vulnerable to Cross-Site-Scripting XSS Component Type: Third Party Extension. The extension is not part of the TYPO3 default installation Affected Components: tipafriend Versions: 1.2.1 and earlier Vulnerability Type: Cross Site Scripting...
TYPO3 Security Bulletin
Two problems path traversal and SQL injection have been discovered in the extension damdownloads Component Type: Third Party Extension. The extension is not part of the TYPO3 default installation Affected Components: damdownloads Versions: 1.0.1 and earlier Vulnerability Type: Path traversal and...
TYPO3 Security Bulletin
A weakness in the display of forum messages of chc_forum has been discovered that may be used to execute arbitrary SQL Component Type: Third Party Extension. The extension is not part of the TYPO3 default installation Affected Components: chc_forum Versions: 1.4.4 and earlier Vulnerability Type: SQ...
TYPO3 Security Bulletin
A Cross Site Scripting issue has been found in showpic.php. Component Type: Core Affected Components: showpic.php Versions: TYPO3 3.8.0 and earlier Vulnerability Type: Cross Site Scripting Severity: High Problem Description: A Cross Site Scripting issue has been found in showpic.php. Solution: Th...
TYPO3 Security Bulletin
Under special circumstances, setting config.baseURL see typo3.org/documentation/document-library/doc_core_tsref/"CONFIG"/ to a numeric value "1" could be used to spoof a malicious baseURL into your TYPO3 cache. It has now been decided to technically prevent this misconfiguration. Component...
TYPO3 Security Bulletin
The file editor functionality in the TYPO3 Install Tool menu option "Edit files in typo3conf/" has an option that reads "Make backup copy". If set, this will create a backup copy and append a "" to the original file name. This leads to file names that may be delivered as text files by a web serve...
TYPO3 Security Bulletin
For convenience, the TYPO3 Install Tool provides a button that sets the "encryptionKey" to a random value. It has been observed that only parts of the generated value are actually random. The overall key is therefore unique and -as of today- considered sufficiently secure. However, the effective key...
TYPO3 Security Bulletin
In the past, a "Shift Reload" from the browser AKA a GET request with the "no-cache" pragma set cleared the TYPO3 cache of the requested page. This may be considered a potential target for Denial of Service attacks. Component Type: Core Affected Components: TYPO3 Page Cache Versions: TYPO3 3.8.0...
TYPO3 Security Bulletin
Various security issues have been reported for PhpMyAdmin see www.securityfocus.com/bid/15196 for details. Component Type: Third Party Product, included with the TYPO3 core Affected Components: PhpMyAdmin Versions: TYPO3 3.8.0 and earlier Vulnerability Type: Various see below Severity: Medium...
TYPO3 Security Bulletin
Situations are imaginable where sensitive information gets stored in the fileadmin/temp/ directory. If misconfigured in your web server, this directory can be browsable and therefore expose that information. Component Type: Core Affected Components: File Editor in Install Tool Versions: TYPO3 3.8...
th_mailformplus
A weakness in the form validation of th_mailformplus has been discovered that may be abused to inject additional recipients in mail forms. Component Type: Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension ...
chc_forum
A bug has been discovered in the "CHC Forum" chc_forum extension where some Javascript expressions are not properly caught when entered in forms. Thus, specially crafted entries may be used to inject malicious code. Component Type: Third Party Extension. This extension is third party code that has...
TYPO3 Security Bulletin
A bug has been discovered in the "Front End News Submitter" fenews where SQL injection is not safely prevented and thus malicious SQL commands are potentially possible. Since the RTE enabled version fertenews is derived from fenews, it is affected as well. Component Type: Third Party Extension...
TYPO3 Security Bulletin
A bug has been discovered in MOC filemanager v. 0.7.1 and earlier: An offender may gain illegal read access to files on the server. Component Type: Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension is not...
TYPO3 Security Bulletin
Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. Successful exploitation results in the execution of arbitrary commands with permissions of the web service. This may compromise systems using extensions providing AWStats...
TYPO3 Security Bulletin
A debug script exposes system information provided by phpinfo. By default, the script can be executed by a remote user. Component Type: Core Affected Component: Debug Script Version: 3.8.0 and earlier Vulnerability Type: Information Disclosure Severity: Low Problem Description: A debug script...
TYPO3 Security Bulletin
Unless the default encryption key settings have been changed by the administrator, the TYPO3 mailform can be compromised to send mail to a wrong recipient. Thus, spam mails may be sent from a remote site. Component Type: Core Affected Component: mailforms Version: 3.7.0 and earlier Vulnerability...
TYPO3 Security Bulletin
An issue has been reported where a bug in the "cmwlinklist" extension allows SQL injection attacks. In specific situations, a remote offender can cause malicious database operations. Component Type: Third Party Extension. This extension is third party code that has not been submitted to the TYPO3...