Lacisoft's » vulnerability http://www.lacisoft.com/blog SELECT * FROM lacisoft Mon, 30 Jan 2012 17:42:20 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Critical security issue in Typo3 core – all versions http://www.lacisoft.com/blog/2009/02/10/critical-security-issue-in-typo3-core-all-versions/ http://www.lacisoft.com/blog/2009/02/10/critical-security-issue-in-typo3-core-all-versions/#comments Tue, 10 Feb 2009 12:27:05 +0000 lacisoft http://www.lacisoft.com/blog/?p=99
  • New TYPO3 Security Guide
  • Google’s browser security handbook
  • Older powermail versions and config.absRefPrefix
    • ]]>     A very serious security issue has been discovered in Typo3 core, all versions including 4.2.5 are affected. According to some this is the most critical security breach in Typo3 ever discovered. The vulnerability allows attackers to “download the contents of any file on the server, i.e. typo3conf/localconf.php, which holds both install tool password alongsideĀ database username and password“.

    There is a fix, Typo3 version 4.2.6. which is available as of today. And there are also other solutions and patches, read carefully the security bulletin and fix your Typo3 installation if you care for your files, passwords and other data on your webserver.

    Share

    Related posts:

    1. New TYPO3 Security Guide
    2. Google’s browser security handbook
    3. Older powermail versions and config.absRefPrefix

    ]]>     http://www.lacisoft.com/blog/2009/02/10/critical-security-issue-in-typo3-core-all-versions/feed/ 0