Security issues in several third party TYPO3 extensions including cal, direct_mail, an_searchit, kk_downloader, lt_basetag, mchtrips, simple_glossar, tw_productfinder, wfqbe

Categories: Security
Created by Helmut Hummel

Security vulnerabilities have been discovered in the following third-party TYPO3 extensions: "Calendar Base" (cal), "Direct Mail" (direct_mail), "[AN] Search it!" (an_searchit), "Simple download-system with counter and categories" (kk_downloader), "Automatic Base Tags for RealUrl" (lt_basetag), "Trips" (mchtrips), "simple Glossar" (simple_glossar), "TW Productfinder" (tw_productfinder), "DB Integration" (wfqbe).

For further information on the issue in extension "Calendar Base" (cal),
please read the related advisory TYPO3-SA-2009-019 that was published
today:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-019/

For further information on the issue in extension "Direct Mail"
(direct_mail), please read the related advisory TYPO3-SA-2009-018 that
was published today:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-018/

For further information on all CSB (Collective Security Bulletin) issues,
please read the related advisory TYPO3-SA-2009-017 that was published
today:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/

In general, the TYPO3 Security Team recommends reading the following pages:

The TYPO3 Security Cookbook:
http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf

Make sure you are subscribed to the TYPO3 Announce List:
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
