http://news.typo3.org/ news.typo3.org: The TYPO3 news resource en http://news.typo3.org/fileadmin/news.typo3.org/xmlicon.gif http://news.typo3.org/ 88 31 news.typo3.org: The TYPO3 news resource http://backend.userland.com/rss091 Mon, 05 May 2008 12:22:00 +0200 http://news.typo3.org/news/article/security-bulletin-typo3-20080505-2-cross-site-scripting-vulnerability-in-extension-powermail/ It has been discovered that the extension powermail is susceptible to Cross Site Scripting (XSS) attacks. http://news.typo3.org/news/article/security-bulletin-typo3-20080505-1-multiple-vulnerabilities-in-extension-mailformplus-th-mailformp/ It has been discovered that the extension MailformPlus (th_mailformplus) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Code Execution. http://news.typo3.org/news/article/security-bulletin-typo3-20080416-2-sql-injections-in-extensions-pmk-rssnewsexport-and-cm-rdfexport/ It has been discovered that the extensions pmk_rssnewsexport and cm_rdfexport are vulnerable to SQL Injection attacks. http://news.typo3.org/news/article/security-bulletin-typo3-20080416-1-multiple-vulnerabilities-in-extension-de-phpot/ It has been discovered that the extension de_phpot is vulnerable to multiple SQL Injection flaws and other types of security issues. http://news.typo3.org/news/article/typo3-security-bulletin-20071210-1-sql-injection-in-system-extension-indexed-search/ It has been discovered that the system extension indexed_search is vulnerable to a SQL Injection flaw. http://news.typo3.org/news/article/typo3-security-bulletin-20070919-1-multiple-vulnerabilities-in-extension-mm-forum/ It has been discovered that the extension mm_forum is vulnerable to multiple SQL Injection attacks and multiple XSS flaws alongside other vulnerabilities. http://news.typo3.org/news/article/typo3-security-bulletin-20070801-1-multiple-vulnerabilities-in-extension-ve-guestbook/ It has been discovered that the extension ve_guestbook is vulnerable to SQL Injection attacks. Also, a Cross Site Scripting issue has been detected. http://news.typo3.org/news/article/typo3-security-bulletin-20070717-1-remote-shell-command-execution-in-extensions-embedding-phpmailer/ Multiple TYPO3 extensions is affected by the third party tool PHPMailer, which is vulnerable to a remote shell command execution. http://news.typo3.org/news/article/typo3-security-bulletin-typo3-20070716-2-information-disclosure-from-extension-phpmyadmin/ An information disclosure issue has been found in the phpmyadmin extension of TYPO3 that may give access to phpinfo() information in special cases. The standalone version of phpmyadmin is not... http://news.typo3.org/news/article/typo3-security-bulletin-20070716-1-cross-site-scripting-vulnerability-in-faq/ It has been discovered that the extension faq is susceptible to cross site scripting (XSS) attacks, making it possible to execute arbitrary JavaScript.