Several remote vulnerabilities have been discovered in the TYPO3 content management framework.
Because of a not sufficiently secure default value of the TYPO3 configuration variable fileDenyPattern, authenticated backend users could upload files that allowed to execute arbitrary code as the webserver user.
User input processed by fe_adminlib.inc is not being properly filtered to prevent Cross Site Scripting (XSS) attacks, which is exposed when specific plugins are in use.
=> Package : typo3
=> Vulnerability : several
=> Problem type : remote
=> Debian-specific: no
=> Debian Bug : 485814
Type the following command to update the internal database, install corrected packages:
# apt-get update
# apt-get upgrade
🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.
🐧 0 comments... add one ↓
🐧 0 comments... add one ↓
Related Posts
Red Hat Open Sourced Identity, Policy, Auditing…
BIND 9 Dynamic Update DoS Security Update
Security Alert: rhpki-common - the Red Hat PKI…
Security: Linux openoffice.org security update- Debian Linux Security Update: Lighttpd DoS and Gaim…
Postfix Mail Server Security Update [moderate…
HowTo: Configure Wordpress To Use A Content Delivery…
HowTo: Configure Vbulletin To Use A Content Delivery…
| Category | List of Unix and Linux commands |
|---|---|
| Disk space analyzers | ncdu • pydf |
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | NetHogs • dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
