Security update: TYPO3 content management framework
Several remote vulnerabilities have been discovered in the TYPO3 content management framework.
Because the default value of the TYPO3 configuration variable fileDenyPattern was not sufficiently secure, authenticated backend users could upload files that allowed them to execute arbitrary code as the webserver user.
User input processed by fe_adminlib.inc is not properly filtered to prevent Cross Site Scripting (XSS) attacks; this is exposed when specific plugins are in use.
=> Package : typo3
=> Vulnerability : several
=> Problem type : remote
=> Debian-specific: no
=> Debian Bug : 485814
Type the following commands to update the internal database and install the corrected packages:
# apt-get update
# apt-get upgrade
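An added example, not part of the original advisory or of TYPO3: upgrading does not examine files that were uploaded earlier, so this function lists files in an upload directory whose names a deny pattern would reject. The directory argument and the sample `DENY_PATTERN` are assumptions constructed for illustration; the pattern is not TYPO3's shipped fileDenyPattern value.

```shell
#!/bin/sh
# Added example: audit an upload directory against a filename deny pattern.
# DENY_PATTERN is a constructed sample (POSIX ERE), NOT TYPO3's shipped
# fileDenyPattern; pass the value from your own configuration as argument 2.
# It matches a .php/.phpN/.phtml extension, also when followed by further
# extensions, or a file named exactly .htaccess.
DENY_PATTERN='\.(php[0-9]?|phtml)(\..*)?$|^\.htaccess$'

# audit_uploads DIR [PATTERN]
# Prints one path per line for every regular file under DIR whose basename
# matches PATTERN (case-insensitive).
# Returns 0 if nothing matched, 1 if at least one file matched, 2 on bad input.
# Limitation: file names containing newlines are not handled.
audit_uploads() {
    dir=$1
    pattern=${2:-$DENY_PATTERN}
    [ -d "$dir" ] || { echo "audit_uploads: not a directory: $dir" >&2; return 2; }

    hits=$(
        find "$dir" -type f | while IFS= read -r path; do
            name=${path##*/}    # compare the basename only, as an upload filter would
            if printf '%s\n' "$name" | grep -Eiq -- "$pattern"; then
                printf '%s\n' "$path"
            fi
        done
    )

    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}
```

Run it as the user that owns the web root and review every reported path by hand; a match means the name would be rejected by the pattern, not that the file is malicious.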