Saturday, October 23, 2010

New TYPO3 packages: fix several vulnerabilities

Users of TYPO3, please be advised that new packages fix several vulnerabilities that have been identified.

To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
DSA 2121-1: New TYPO3 packages fix several vulnerabilities

Several remote vulnerabilities have been discovered in TYPO3. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2010-3714

Multiple remote file disclosure vulnerabilities in the jumpUrl mechanism and the Extension Manager allowed attackers to read files with the privileges of the account under which the web server was running.

CVE-2010-3715

The TYPO3 backend contained several cross-site scripting vulnerabilities, and the RemoveXSS function did not filter all Javascript code.

Read more at www.criticalwatch.com
 
