[TYPO3-announce] Vulnerabilities in multiple third party TYPO3 CMS extensions
Nicole Cordes
nicole.cordes at typo3.org
Tue May 31 11:23:16 CEST 2016
Dear TYPO3 users,
several vulnerabilities have been found in the following third party TYPO3 extensions:
"Browser - TYPO3 without PHP" (browser)
"Questionnaire" (ke_questionnaire)
"Static Methods since 2007" (div2007)
"http:BL Blocking" (mh_httpbl)
"MMC directmail subscription" (mmc_directmail_subscription)
For further information on the issues, please read the related advisories
TYPO3-EXT-SA-2016-013, TYPO3-EXT-SA-2016-014, TYPO3-EXT-SA-2016-015, TYPO3-EXT-SA-2016-016 and TYPO3-EXT-SA-2016-017 which were
published today:
TYPO3-EXT-SA-2016-013: SQL Injection in extension "Browser - TYPO3 without PHP" (browser)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-013/
TYPO3-EXT-SA-2016-014: Information Disclosure in extension "Questionnaire" (ke_questionnaire)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-014/
TYPO3-EXT-SA-2016-015: Non-Persistent Cross-Site Scripting in extension "Static Methods since 2007" (div2007)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-015/
TYPO3-EXT-SA-2016-016: Multiple vulnerabilities in extension "http:BL Blocking" (mh_httpbl)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-016/
TYPO3-EXT-SA-2016-017: Information Disclosure in "MMC directmail subscription" (mmc_directmail_subscription)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-017/
In general the TYPO3 Security Team recommends to read the following pages:
The TYPO3 Security Guide:
https://docs.typo3.org/typo3cms/SecurityGuide/
Make sure you are subscribed to the TYPO3 Announce List:
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
See all TYPO3 security advisories:
https://typo3.org/teams/security/security-bulletins/
Regards,
Nicole Cordes
Member of the TYPO3 Security Team
--
TYPO3 Security Team homepage: https://typo3.org/teams/security/
E-Mail: security at typo3.org
More information about the TYPO3-announce
mailing list