It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library fe_adminlib.inc...

More... (http://news.typo3.org/news/article/security-bulletin-typo3-20080611-1-multiple-vulnerabilities-in-typo3-core/)