Wed. 11th June, 2008
It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library fe_adminlib.inc allows Cross Site Scripting (XSS).
This is a companion discussion topic for the original entry at https://typo3.org/article/security-bulletin-typo3-20080611-1-multiple-vulnerabilities-in-typo3-core/