Wouter Van Dongen

**Name of the Vulnerable Software and Affected Versions** TYPO3 powermail extension versions prior to 1.6.11 TYPO3 powermail extension versions 2.x prior to 2.0.14 **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with a crafted extension. This can be achieved by accessing the uploaded file via unspecified vectors. **Recommendations** For versions prior to 1.6.11, update to version 1.6.11 or later. For versions 2.x prior to 2.0.14, update to version 2.0.14 or later.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.5.0 through 4.5.33 TYPO3 versions 4.7.0 through 4.7.18 TYPO3 versions 6.0.0 through 6.0.13 TYPO3 versions 6.1.0 through 6.1.8 TYPO3 versions 6.2.0 through 6.2.2 **Description** The issue allows remote attackers to have an unspecified impact via a crafted HTTP Host header, related to "Host Spoofing." **Recommendations** For TYPO3 versions 4.5.0 through 4.5.33, update to version 4.5.34 or later. For TYPO3 versions 4.7.0 through 4.7.18, update to version 4.7.19 or later. For TYPO3 versions 6.0.0 through 6.0.13, update to version 6.0.14 or later. For TYPO3 versions 6.1.0 through 6.1.8, update to version 6.1.9 or later. For TYPO3 versions 6.2.0 through 6.2.2, update to version 6.2.3 or later.