[TYPO3-announce] [Ticket#2010011310000016] Security issues in several third party TYPO3 extensions

[TYPO3 Security Team]

Dear TYPO3 users,

Several vulnerabilities have been found in the following third party TYPO3
extensions: 

"BB Simple Jobs" (bb_simplejobs)
"Developer log" (devlog)
"Photo Book" (goof_fotoboek)
"Unit Converter" (cs2_unitconv)
"tt_news Mail alert" (dl3_tt_news_alerts)
"Googlemaps for tt_news" (jf_easymaps)
"Reports for Job" (job_reports)
"kiddog_mysqldumper" (kiddog_mysqldumper)
"KJ: Imagelightbox" (kj_imagelightbox2)
"Majordomo" (majordomo)
"Helpdesk" (mg_help)
"Tip many friends" (mimi_tipfriends)
"MK-AnydropdownMenu" (mk_anydropdownmenu)
"MJS Event Pro" (mjseventpro)
"powermail" (powermail)
"Clan Users List" (pb_clanlist)
"Customer Reference List" (ref_list)
"SB Folderdownload" (sb_folderdownload)
"TT_Products editor" (ttpedit)
"TV21 Talkshow" (tv21_talkshow)
"VD / Geomap" (vd_geomap)
"User Links" (vm19_userlinks)
"Vote rank for news" (vote_for_tt_news)
"zak_store_management" (zak_store_management)



For further information on all CSB (Collective Security Bulletin) issues,
please read the related advisory TYPO3-SA-2009-021 that was published today:
<http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/>



In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Cookbook:
<http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf>

Make sure you are subscribed to the TYPO3 Announce List:
<http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce>

See all TYPO3 security advisories:
<http://typo3.org/teams/security/security-bulletins/>



Regards,

Marcus Krause
Member of the TYPO3 Security Team

--
TYPO3 Security Team homepage: http://typo3.org/teams/security/

E-Mail: security at typo3.org

Please note: when replying to this e-mail, please leave the header intact.