Several vulnerabilities have been found in the following third-party TYPO3 extensions:
- mm_forum (mm_forum) – Critical
- Statistics (ke_stats) – Critical
- News (tt_news) – High
- Yet Another Gallery (yag) – High
- Tools for Extbase development (pt_extbase) – High
- femanager (femanager) – High
- TYPO3 Security / Intrusion Detection System (px_phpids) – High
- Direct Mail Subscription (direct_mail_subscription) – Medium
- Alphabetic Sitemap (alpha_sitemap) – Medium
- External links click statistics (outstats) – Medium
- smarty (smarty) – Medium
- WEC Map (wec_map) – Medium
For further information on the issue in the extension mm_forum (mm_forum), please read the related advisory TYPO3-EXT-SA-2014-001 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/
For further information on the issue in the extension News (tt_news), please read the related advisory TYPO3-EXT-SA-2014-003 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-003/
For further information on the issue in the extension Direct Mail Subscription (direct_mail_subscription), please read the related advisory TYPO3-EXT-SA-2014-004 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-004/
For further information on the issue in the extensions Yet Another Gallery (yag) and Tools for Extbase development (pt_extbase), please read the related advisory TYPO3-EXT-SA-2014-005 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-005/
The Collective Security Bulletin TYPO3-EXT-SA-2014-002 for the remaining extensions was also published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/