1 files changed, 38 insertions, 0 deletions

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index e36f33ffc27c..e752d5501068 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,44 @@ Note:  Please add new entries to the beginning of this file.
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="e6839625-fdfa-11e2-9430-20cf30e32f6d">
+    <topic>typo3 -- Multiple vulnerabilities in TYPO3 Core</topic>
+    <affects>
+      <package>
+	<name>typo3</name>
+	<range><ge>4.5.0</ge><lt>4.5.29</lt></range>
+	<range><ge>4.7.0</ge><lt>4.7.14</lt></range>
+	<range><ge>6.1.0</ge><lt>6.1.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Typo Security Team reports:</p>
+	<blockquote cite="http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/">
+	  <p>It has been discovered that TYPO3 Core is vulnerable to
+	    Cross-Site Scripting and Remote Code Execution.</p>
+	  <p>TYPO3 bundles flash files for video and audio playback. Old
+	    versions of FlowPlayer and flashmedia are susceptible to
+	    Cross-Site Scripting. No authentication is required to exploit
+	    this vulnerability.</p>
+	  <p>The file upload component and the File Abstraction Layer are
+	    failing to check for denied file extensions, which allows
+	    authenticated editors (even with limited permissions) to
+	    upload php files with arbitrary code, which can then be
+	    executed in web server's context.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2011-3642</cvename>
+      <cvename>CVE-2013-1464</cvename>
+    </references>
+    <dates>
+      <discovery>2013-07-30</discovery>
+      <entry>2013-08-05</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="17326fd5-fcfb-11e2-9bb9-6805ca0b3d42">
     <topic>phpMyAdmin -- clickJacking protection can be bypassed</topic>
     <affects>