[TYPO3-announce] Two third party TYPO3 extensions found insecure
Lars Houmark
lars at typo3.org
Wed Sep 24 10:30:13 CEST 2008
Dear users of TYPO3,
The extensions phpMyAdmin (phpmyadmin) and freeCap CAPTCHA
(sr_freecap) have been found insecure.
Please see the below two bulletins in order to read the details of
each security incident.
TYPO3-20080924-1: Cross-Site Scripting vulnerability in extension
phpMyAdmin (phpmyadmin):
http://typo3.org/teams/security/security-bulletins/typo3-20080924-1/
TYPO3-20080924-2: Cross-Site Scripting vulnerability in extension
freeCap CAPTCHA (sr_freecap):
http://typo3.org/teams/security/security-bulletins/typo3-20080924-2/
In general the TYPO3 Security Team recommends you to read the
following pages.
The TYPO3 Security Cookbook:
http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf
Make sure you are subscribed to the TYPO3 Announce List:
http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-announce
See all TYPO3 security bulletins:
http://typo3.org/teams/security/security-bulletins/
Regards,
Lars Houmark
lars at typo3.org
More information about the TYPO3-announce
mailing list