BelWü Sicherheitswarnung für Typo3 Erweiterungen: mm_dam_filelist

Es sind neue Sicherheitswarnungen fuer Erweiterungen des  CMS Typo3 veroeffentlicht worden. Sollten Sie diese Erweiterungen einsetzen, entfernen Sie die Erweiterung, wie empfohlen aus Typo3.


Hier der Warntext:

Dear TYPO3 users,

Several vulnerabilities have been found in the following third party TYPO3
extensions:

The vulnerability in mm_dam_filelist is known to be exploited in the wild.
If used, we highly recommend to immediately disable the extension and remove it completely from the TYPO3 installation.

MM DAM - FEFileList (mm_dam_filelist)
Events (julle_events)
WEC Staff Directory (wec_staffdirectory)
TGM news (tgm_news)
TGM media (tgm_media)
TGM calendar module (tgm_cal)
DAM Lightbox (damlightbox)
Download system (sb_downloader)
iwbase (iwbase)
Fussballtippspiel (toto)
Font resizer (fontsizer)
Adminer (t3adminer)


For further information on all CSB (Collective Security Bulletin) issues,
please read the related advisory TYPO3-EXT-SA-2011-006 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-006/


The link to the advisory in our last announce mail regarding the phpmyadmin extension was unfortunately wrong.
Here is the correct link:

http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-005/


In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Cookbook:
<http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf>

Make sure you are subscribed to the TYPO3 Announce List:
<http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce>

See all TYPO3 security advisories:
<http://typo3.org/teams/security/security-bulletins/>