[TYPO3-announce] [Ticket#2012032810000017] Security issues in several third party TYPO3 ectensions including powermail and seo_basics

TYPO3 Security Team security at typo3.org
Wed Mar 28 10:43:51 CEST 2012


Dear TYPO3 users,


Several vulnerabilities have been found in the following third party TYPO3 extensions:

Basic SEO Features (seo_basics)

powermail (powermail)

WhoisLookup (fe_whois)
Display CSV / Excel files or database tables (cag_tables)
Useful informations in reports module (additional_reports)
General data display (general_data_display)
Realty Manager (realty)
FEUser->BELogin (dkd_feuser_belogin)
TCFacebook Connect (tc_fbconnect)
Easy Login and Register with OpenID (FE) (dix_easylogin)
Ajado Facebook Connect (ajado_facebook)
Facebook Connect to TYPO3 (facebook2t3)
Social Login to TYPO3 (sociallogin2t3)
Event Board (kb_eventboard)
News system (news)


For further information on the issue in the extension "Basic SEO Features"
(seo_basics), please read the related advisory TYPO3-EXT-SA-2012-006 that was
published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-006/

For further information on the issue in the extension "powermail" (powermail),
please read the related advisory TYPO3-EXT-SA-2012-004 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-004/


For further information on all CSB (Collective Security Bulletin) issues, please
read the related advisory TYPO3-EXT-SA-2012-005 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-005/



In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Guide:
http://typo3.org/documentation/document-library/extension-manuals/doc_guide_security/current/

Make sure you are subscribed to the TYPO3 Announce List:
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security advisories for TYPO3 third party extensions:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/




Regards,

Marcus Krause
Member of the TYPO3 Security Team

--
TYPO3 Security Team homepage: http://typo3.org/teams/security/

E-Mail: security at typo3.org

Please note: When replying to this e-mail, please leave the header intact.


More information about the TYPO3-announce mailing list