Security issues in several third party TYPO3 extensions
Categories:
Security
Created by Helmut Hummel
Security vulnerabilities have been discovered in following third party TYPO3 extensions: MK-AnydropdownMenu (mk_anydropdownmenu), Photo Book (goof_fotoboek), SB Folderdownload (sb_folderdownload), Developer log (devlog), KJ: Imagelightbox (kj_imagelightbox2), Unit Converter (cs2_unitconv), powermail (powermail), TV21 Talkshow (tv21_talkshow), Helpdesk (mg_help), Vote rank for news (vote_for_tt_news), kiddog_mysqldumper (kiddog_mysqldumper), tt_news Mail alert (dl3_tt_news_alerts), TT_Products editor (ttpedit), User Links (vm19_userlinks), MJS Event Pro (mjseventpro), Googlemaps fr tt_news (jf_easymaps), BB Simple Jobs (bb_simplejobs), Reports for Job (job_reports), Clan Users List (pb_clanlist), Customer Reference List (ref_list), zak_store_management (zak_store_management), Reports Logfile View (reports_logview), Majordomo (majordomo), Tip many friends (mimi_tipfriends), VD / Geomap (vd_geomap)
For further information on all CSB (Collective Security Bulletin) issues,
please read the related advisory TYPO3-SA-2009-021 that was published
today:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
In general the TYPO3 Security Team recommends to read the following pages:
The TYPO3 Security Cookbook:
http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf
Make sure you are subscribed to the TYPO3 Announce List:
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
See all TYPO3 security advisories:
http://typo3.org/teams/security/security-bulletins/
