[TYPO3-announce] [Ticket#2012032810000017] Security issues in several third party TYPO3 ectensions including powermail and seo_basics
TYPO3 Security Team
security at typo3.org
Wed Mar 28 10:43:51 CEST 2012
Dear TYPO3 users,
Several vulnerabilities have been found in the following third party TYPO3 extensions:
Basic SEO Features (seo_basics)
powermail (powermail)
WhoisLookup (fe_whois)
Display CSV / Excel files or database tables (cag_tables)
Useful informations in reports module (additional_reports)
General data display (general_data_display)
Realty Manager (realty)
FEUser->BELogin (dkd_feuser_belogin)
TCFacebook Connect (tc_fbconnect)
Easy Login and Register with OpenID (FE) (dix_easylogin)
Ajado Facebook Connect (ajado_facebook)
Facebook Connect to TYPO3 (facebook2t3)
Social Login to TYPO3 (sociallogin2t3)
Event Board (kb_eventboard)
News system (news)
For further information on the issue in the extension "Basic SEO Features"
(seo_basics), please read the related advisory TYPO3-EXT-SA-2012-006 that was
published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-006/
For further information on the issue in the extension "powermail" (powermail),
please read the related advisory TYPO3-EXT-SA-2012-004 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-004/
For further information on all CSB (Collective Security Bulletin) issues, please
read the related advisory TYPO3-EXT-SA-2012-005 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-005/
In general the TYPO3 Security Team recommends to read the following pages:
The TYPO3 Security Guide:
http://typo3.org/documentation/document-library/extension-manuals/doc_guide_security/current/
Make sure you are subscribed to the TYPO3 Announce List:
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
See all TYPO3 security advisories for TYPO3 third party extensions:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/
Regards,
Marcus Krause
Member of the TYPO3 Security Team
--
TYPO3 Security Team homepage: http://typo3.org/teams/security/
E-Mail: security at typo3.org
Please note: When replying to this e-mail, please leave the header intact.
More information about the TYPO3-announce
mailing list