Security vulnerabilities have been discovered in following third party TYPO3 extensions: "Calendar Base" (cal), "Direct Mail" (direct_mail), "[AN] Search it!" (an_searchit), "Simple download-system...

More... (http://news.typo3.org/news/article/security-issues-in-several-third-party-typo3-extensions-including-phpmyadmin-solr-maag-randomimage/)