Franz G. Jahn

t3sec@franz-jahn.de

  • Registered on:
  • Last connection: 2014-08-02

Issues

Activity

2014-05-30

15:38 TYPO3 Core Task #59233 (Accepted): Do not transfer content of fields with eval=password
When you edit an arbitrary record with a password field, the content of the password field (as stored in the database...

2013-12-10

10:55 TYPO3 Core Revision fdd3d3f1: [SECURITY] Prevent editor controlled hmac content
An hmac of the editor controlled auto respond message was used to verifiy
the correctness of this message on submit. ...
10:54 TYPO3 Core Revision 2d29894a: [SECURITY] Prevent editor controlled hmac content
An hmac of the editor controlled auto respond message was used to verifiy
the correctness of this message on submit. ...
10:53 TYPO3 Core Revision 1cbe889f: [SECURITY] Prevent editor controlled hmac content
An hmac of the editor controlled auto respond message was used to verifiy
the correctness of this message on submit. ...
10:52 TYPO3 Core Revision efa9e0b6: [SECURITY] Prevent editor controlled hmac content
An hmac of the editor controlled auto respond message was used to verifiy
the correctness of this message on submit. ...
10:51 TYPO3 Core Revision 52d3bff4: [SECURITY] Prevent editor controlled hmac content
An hmac of the editor controlled auto respond message was used to verifiy
the correctness of this message on submit. ...

2013-06-04

14:43 TYPO3 Core Bug #18534: The cache of pages which include content from another one is not emptied automaticall...
I had the same problem with TYPO3 4.5.25.

2013-05-31

12:09 TYPO3 Core Bug #48692 (Closed): Properly escape data in PermissionAjaxController
* /typo3/ajax.php in parameter Page and who (not easily exploitable as
the referer is checked, but still vulnerable ...

2013-03-06

11:49 TYPO3 Core Revision 85a52fea: [SECURITY] Open redirection with jumpurl
jumpurl allows redirect to any given URL. A hash on the url
is now required to know if the jumpurl has been created
b...
11:48 TYPO3 Core Revision da32bbb4: [SECURITY] Open redirection with jumpurl
jumpurl allows redirect to any given URL. A hash on the url
is now required to know if the jumpurl has been created
b...

Also available in: Atom