[TYPO3-announce] [Ticket#2010072810000013] Multiple vulnerabilities found in TYPO3 Core and th third party extension "Front End User Registrati [...]
TYPO3 Security Team
security at typo3.org
Wed Jul 28 12:29:53 CEST 2010
Dear TYPO3 users,
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting
(XSS), Open Redirection, SQL Injection, Broken Authentication and Session
Management, Insecure Randomness, Information Disclosure and Arbitrary Code
Execution.
Please read the following advisory for a description and solution of all
TYPO3 Core issues:
TYPO3 Security Bulletin TYPO3-SA-2010-012: Vulnerability in TYPO3 Core
<http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-012/>
Please read the following advisory for a description and solution of the
"Front End User Registration" issue:
TYPO3 Security Bulletin TYPO3-SA-2010-013: Vulnerabilitiy in extension "Front
End User Registration" (sr_feuser_register)
<http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-013/>
In general the TYPO3 Security Team recommends to read the following pages:
The TYPO3 Security Cookbook:
<http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf>
Make sure you are subscribed to the TYPO3 Announce List:
<http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce>
See all TYPO3 security advisories:
<http://typo3.org/teams/security/security-bulletins/>
Regards,
Helmut Hummel
Member of the TYPO3 Security Team
Regards,
Helmut Hummel
Member of the TYPO3 Security Team
--
TYPO3 Security Team homepage: [1]http://typo3.org/teams/security/
E-Mail: security at typo3.org
Please note: When replying to this e-mail, please leave the header intact.
[1] http://typo3.org/teams/security/
More information about the TYPO3-announce
mailing list