List:       oss-security
Subject:    Re: [oss-security] CVE id request: TYPO3-20080611-1: Multiple
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2008-06-16 21:23:21
Message-ID: Pine.GSO.4.51.0806161723090.16840 () faron ! mitre ! org


======================================================
Name: CVE-2008-2717
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2717
Reference: BUGTRAQ:20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/493270/100/0/threaded
Reference: CONFIRM:http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/
Reference: CONFIRM:http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/
Reference: DEBIAN:DSA-1596
Reference: URL:http://www.debian.org/security/2008/dsa-1596
Reference: FRSIRT:ADV-2008-1802
Reference: URL:http://www.frsirt.com/english/advisories/2008/1802
Reference: SECUNIA:30619
Reference: URL:http://secunia.com/advisories/30619
Reference: SECUNIA:30660
Reference: URL:http://secunia.com/advisories/30660

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1,
uses an insufficiently restrictive default fileDenyPattern for Apache,
which allows remote attackers to bypass security restrictions and upload
configuration files such as .htaccess, or conduct file upload attacks
using multiple extensions.


======================================================
Name: CVE-2008-2718
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2718
Reference: BUGTRAQ:20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/493270/100/0/threaded
Reference: CONFIRM:http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/
Reference: DEBIAN:DSA-1596
Reference: URL:http://www.debian.org/security/2008/dsa-1596
Reference: FRSIRT:ADV-2008-1802
Reference: URL:http://www.frsirt.com/english/advisories/2008/1802
Reference: SECUNIA:30619
Reference: URL:http://secunia.com/advisories/30619
Reference: SECUNIA:30660
Reference: URL:http://secunia.com/advisories/30660

Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3
4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as
used in extensions such as (1) direct_mail_subscription, (2)
feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject
arbitrary web script or HTML via unspecified vectors.
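
Added example (not part of the original message and not TYPO3 code): a filename deny check for the CVE-2008-2717 case above, comparing a pattern anchored only at the final extension with a stricter one. Both patterns and the sample names are constructed for illustration and are assumptions, not TYPO3's shipped fileDenyPattern values.

```python
import re

# Constructed patterns (assumptions for illustration, not TYPO3's shipped values).
# WEAK_DENY only rejects a PHP extension at the very end of the name.
WEAK_DENY = re.compile(r"\.php$|\.php.$", re.IGNORECASE)
# STRICT_DENY also rejects a PHP-type extension followed by further extensions,
# and rejects Apache per-directory files such as .htaccess by name.
STRICT_DENY = re.compile(r"\.(php[0-9]?|phtml|phar)(\..*)?$|^\.ht", re.IGNORECASE)

# Constructed sample upload names.
SAMPLES = [
    "report.pdf",
    "index.php",
    "shell.php.bak",    # multiple extensions
    "photo.PHP5.jpg",   # multiple extensions, mixed case
    ".htaccess",        # web server configuration file
    "notes.txt",
]


def is_denied(filename, pattern):
    """Return True when the upload name must be rejected."""
    # Judge only the final path component, whatever separator was sent.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return pattern.search(base) is not None


def compare(names=SAMPLES):
    """Map each name to (denied_by_weak, denied_by_strict)."""
    return {
        name: (is_denied(name, WEAK_DENY), is_denied(name, STRICT_DENY))
        for name in names
    }


if __name__ == "__main__":
    for name, (weak, strict) in compare().items():
        flag = "  <-- passes the weak pattern only" if strict and not weak else ""
        print(f"{name:16} weak={weak!s:5} strict={strict!s:5}{flag}")
```

An allow-list of expected extensions on the upload path is stricter still than any deny pattern; the comparison here only shows why end-anchored matching misses the two cases the CVE text names.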

