[TYPO3-announce] Security issues in several third party TYPO3 extensions including sr_feuser_register

Henning Pingel henning at typo3.org
Mon Apr 6 07:27:52 CEST 2009


Dear users of TYPO3,

Security vulnerabilities have been discovered in the following third
party TYPO3 extensions:

"Frontend User Registration"         (sr_feuser_register),
"A21glossary Advanced Output"        (a21glossary_advanced_output),
"ClickStream Analyzer (output)"      (alternet_csa_out),
"Directory Listing"                  (dir_listing),
"Store Locator"                      (locator),
"Userdata Create/Edit"               (sg_userdata),
"Versatile Calendar Extension (VCE)" (sk_calendar),
"ultraCards"                         (th_ultracards),
"Visitor Tracking"                   (ws_stats)

For further information on the extension "Frontend User Registration"
(sr_feuser_register), please read the related advisory TYPO3-SA-2009-004:

<http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/>

Regarding all other extensions listed above, please read the advisory
TYPO3-SA-2009-005 (which is a Collective Security Bulletin):

<http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/>

In general, the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Cookbook:
<http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf>

Make sure you are subscribed to the TYPO3 Announce List:
<http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-announce>

See all TYPO3 security advisories:
<http://typo3.org/teams/security/security-bulletins/>

Regards,

Henning Pingel
henning at typo3.org



More information about the TYPO3-announce mailing list