Security issues in several third party TYPO3 extensions including commerce and t3m

By: Michael Stucki on behalf of the Security Team

Several vulnerabilities have been found in the following third party TYPO3 extensions: "Commerce" (commerce), "T3M E-Mail Marketing Tool" (t3m), "AIRware Lexicon" (air_lexicon), "AST ZipCodeSearch" (ast_addresszipsearch), "Car" (car), "Event Registration" (event_registr), "Solidbase Bannermanagement" (SBbanner), "t3m_affiliate" (t3m_affiliate), "AJAX Chat" (vjchat)

For further information on the issue in extension "Commerce" (commerce), please read the related advisory TYPO3-SA-2009-011 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-011/

For further information on the issue in extension "T3M E-Mail Marketing Tool" (t3m), please read the related advisory TYPO3-SA-2009-012 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-012/

For further information on all CSB (Collective Security Bulletin) issues, please read the related advisory TYPO3-SA-2009-013 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Cookbook:
http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf

Make sure you are subscribed to the TYPO3 Announce List:
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security advisories:
http://typo3.org/teams/security/security-bulletins/

---