[Typo3-announce] Security Bulletin TYPO3-20050822-1
Ekkehard Gümbel
guembel at naw.de
Mon Aug 22 17:53:45 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Security Bulletin TYPO3-20050822-1
http://typo3.org/teams/security/security-bulletins/typo3-20050822-1/
Component Type: Third Party Extension. This extension is third party code
that has not been submitted to the TYPO3 extension review process yet. The
extension is not part of TYPO3 default installations.
Affected Component: moc_filemanager
Version: 0.7.1 and earlier
Vulnerability Type: Information Disclosure
Severity: High
Problem Description:
A bug has been discovered in MOC filemanager (v. 0.7.1 and earlier): An
offender may gain illegal read access to files on the server.
Solution:
An updated version (0.8.0) of the extension can be found on
typo3.org/extensions/repository/list/moc_filemanager or via Extension
Manager.
All users of this extension are advised to immediatly update this
extension.
Credits:
Thanks to the author (Jan-Erik Revsbech) for notifying us and for
providing
a fixed version.
Regards,
Ekkehard Guembel
TYPO3 Security Team
- -> This information comes with ABSOLUTELY NO WARRANTY.
- -> Visit http://typo3.org/teams/security/security-bulletins
-----BEGIN PGP SIGNATURE-----
iQA/AwUBQwnmrracx8F96kPgEQLQWgCg6BeH2xvw/9HJQoRgPEaOHP+bGk4AoL9O
wZ7b6EQYqZFIhRj+C2PVmaUL
=pEAd
-----END PGP SIGNATURE-----
More information about the TYPO3-announce
mailing list