Skip to main navigation Skip to main content Skip to page footer
main logo main logo

Security issues in several third party TYPO3 extensions

28 September 2011 ยท TYPO3 Security Team 
Dear TYPO3 users,

Several vulnerabilities have been found in the following third party TYPO3
extensions:

Hut-Manager (mm_hutinfo)
Indexed Search Statistic (np_indexed_search_stat)
jQuery Colorbox (rzcolorbox)
T3C Podcasts (t3c_podcasts)
Winning Game (winning_game)
TGM gallery (tgm_gallery)
tgmv gallery (tgmv_gallery)
Frontend Shibboleth Protection (bps_shib)
dev/null robots.txt (dev_null_robots)
Inflation-Calculator (dhc_inflationcal)
DAM Frontend (dam_frontend)
Documents download (rtg_files)
MG Rooms (mg_rooms)
Grid Elements (gridelements)



For further information on all CSB (Collective Security Bulletin) issues,
please read the related advisory TYPO3-EXT-SA-2011-012 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-012/



In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Cookbook:
<http: typo3.org fileadmin security-team typo3_security_cookbook_v-0.5.pdf>

Make sure you are subscribed to the TYPO3 Announce List:
<http: lists.typo3.org cgi-bin mailman listinfo typo3-announce>

See all TYPO3 security advisories:
<http: typo3.org teams security security-bulletins></http:>


Regards,

Helmut Hummel
Member of the TYPO3 Security Team

--
TYPO3 Security Team homepage: <a href="http://typo3.org/teams/security/" target="_blank" rel="noreferrer">http://typo3.org/teams/security/</a>

E-Mail: security@typo3.org

Please note: When replying to this e-mail, please leave the header intact.
_______________________________________________
TYPO3-announce mailing list
TYPO3-announce at lists.typo3.org
<a href="http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce" target="_blank" rel="noreferrer">http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce</a>
_______________________________________________
TYPO3-announce mailing list
TYPO3-announce at lists.typo3.org
<a href="http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce" target="_blank" rel="noreferrer">http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce</a></http:></http:>
Back to list