It has been discovered that the extension "Dynamic Content Elements" (dce) is susceptible to Information Disclosure.

More... (http://www.typo3.org/news/article/information-disclosure-vulnerability-in-dynamic-content-elements-dce/)