[TYPO3-announce] [Ticket#2010011310000016] Security issues in several third party TYPO3 extensions

TYPO3 Security Team security at typo3.org
Wed Jan 13 12:16:58 CET 2010

Dear TYPO3 users,

Several vulnerabilities have been found in the following third party TYPO3

"BB Simple Jobs" (bb_simplejobs)
"Developer log" (devlog)
"Photo Book" (goof_fotoboek)
"Unit Converter" (cs2_unitconv)
"tt_news Mail alert" (dl3_tt_news_alerts)
"Googlemaps for tt_news" (jf_easymaps)
"Reports for Job" (job_reports)
"kiddog_mysqldumper" (kiddog_mysqldumper)
"KJ: Imagelightbox" (kj_imagelightbox2)
"Majordomo" (majordomo)
"Helpdesk" (mg_help)
"Tip many friends" (mimi_tipfriends)
"MK-AnydropdownMenu" (mk_anydropdownmenu)
"MJS Event Pro" (mjseventpro)
"powermail" (powermail)
"Clan Users List" (pb_clanlist)
"Customer Reference List" (ref_list)
"SB Folderdownload" (sb_folderdownload)
"TT_Products editor" (ttpedit)
"TV21 Talkshow" (tv21_talkshow)
"VD / Geomap" (vd_geomap)
"User Links" (vm19_userlinks)
"Vote rank for news" (vote_for_tt_news)
"zak_store_management" (zak_store_management)

For further information on all CSB (Collective Security Bulletin) issues,
please read the related advisory TYPO3-SA-2009-021 that was published today:

In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Cookbook:

Make sure you are subscribed to the TYPO3 Announce List:

See all TYPO3 security advisories:


Marcus Krause
Member of the TYPO3 Security Team

TYPO3 Security Team homepage: http://typo3.org/teams/security/

E-Mail: security at typo3.org

Please note: when replying to this e-mail, please leave the header intact.

More information about the TYPO3-announce mailing list