[TYPO3-UG Russia] Fwd: [TYPO3-announce] Security issues in third party TYPO3 extensions "Formhandler" (formhandler) and "Questionaire" (pbsurvey)

Michael Shigorin mike at osdn.org.ua
Thu Aug 25 13:51:53 CEST 2011 

----- Forwarded message from TYPO3 Security Team <security/typo3.org> -----

Date: Thu, 25 Aug 2011 13:33:27 +0200
From: TYPO3 Security Team <security/typo3.org>
To: typo3-announce/lists.typo3.org
Subject: [TYPO3-announce] Security issues in third party TYPO3 extensions "Formhandler" (formhandler) and "Questionaire" (pbsurvey)

Dear TYPO3 users,

SQL Injection and Cross Site Scripting vulnerabilities have been found in the following third party
TYPO3 extension: "Formhandler" (formhandler)

For further information on the issues in extension "Formhandler" (formhandler),
please read the related advisory TYPO3-EXT-SA-2011-003 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-003/


Cross Site Scripting vulnerabilities have been found in the following third party
TYPO3 extension: "Questionaire" (pbsurvey)

For further information on the issues in extension "Questionaire" (pbsurvey),
please read the related advisory TYPO3-EXT-SA-2011-004 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-004/




In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Cookbook:
http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf

Make sure you are subscribed to the TYPO3 Announce List:
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security advisories:
http://typo3.org/teams/security/security-bulletins/



Regards,

Helmut Hummel
Member of the TYPO3 Security Team

--
TYPO3 Security Team homepage: http://typo3.org/teams/security/

E-Mail: security/typo3.org

_______________________________________________
TYPO3-announce mailing list
TYPO3-announce/lists.typo3.org
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
_______________________________________________
TYPO3-announce mailing list
TYPO3-announce/lists.typo3.org
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

----- End forwarded message -----

-- 
 ---- WBR, Michael Shigorin <mike at altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/

More information about the TYPO3-russia mailing list