Security issues in several third party TYPO3 extensions including car, aba_watchdog, dr_blob, nl_listman, xds_staff, danp_documentdirs, ste_prayer2, pd_resources, hs_religiousartgallery, ste_parish_admin, pd_calendar

Categories: Security Created by Helmut Hummel
Security vulnerabilities have been discovered in following third party TYPO3 extensions: Car (car), TYPO3 Watchdog (aba_watchdog), File list (dr_blob), ListMan (nl_listman), XDS Staff List (xds_staff), Document Directorys (danp_documentdirs), Random Prayer Version 2 (ste_prayer2), Diocese of Portsmouth Resources Database (pd_resources), Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery), Parish Administration Database (ste_parish_admin), Diocese of Portsmouth Calendar (pd_calendar), Flash SlideShow (slideshow), Subscription (mf_subscription), No indexed Search (no_indexed_search), Job Exchange (jobexchange), Training Company Database (trainincdb), ZID Linkliste (zid_linklist), vShoutbox (vshoutbox), Frontend news submitter with RTE (fe_rtenews)

For further information on all CSB (Collective Security Bulletin) issues,
please read the related advisory TYPO3-SA-2009-020 that was published
today:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Cookbook:
http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf

Make sure you are subscribed to the TYPO3 Announce List:
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security advisories:
http://typo3.org/teams/security/security-bulletins/