It is currently Sun Jul 20, 2008 10:00 pm

[UPGRADE AVAIL.] Joomla Colophon

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderators: Beat, rliskey, RussW, General Support Moderators

Post a reply

[UPGRADE AVAIL.] Joomla Colophon

Postby Elpie on Mon Jul 31, 2006 1:26 pm

Remote file inclusion in admin.colophon.php. Vulnerable version = 1.2, other versions may also be affected.
Last edited by RobS on Tue Aug 29, 2006 11:35 pm, edited 1 time in total.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
User avatar
Elpie
Joomla! Guru
Joomla! Guru
 
Posts: 918
Joined: Wed Aug 17, 2005 11:26 pm
Top

Re: Joomla Colophon

Postby brian on Mon Jul 31, 2006 1:48 pm

http://secunia.com/advisories/21288/
Last edited by infograf768 on Mon Jul 31, 2006 2:14 pm, edited 1 time in total.
brian
I've been banned!
 
Posts: 4763
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Top

Re: Joomla Colophon

Postby infograf768 on Mon Jul 31, 2006 2:16 pm

Changed ttle to reflect Secunia advisory.

Developper's site has beed defaced btw:
http://www.sirjoe.it/components/com_jd- ... k.php?p=77
Jean-Marie Simonet / infograf · http://www.info-graf.fr · GMT +2
Qui vult dare parva non debet magna rogare.
User avatar
infograf768
Joomla! Master
Joomla! Master
 
Posts: 11440
Joined: Fri Aug 12, 2005 3:47 pm
Location: •Translation Matters•
Top

Re: Joomla Colophon

Postby RobS on Tue Aug 01, 2006 6:15 am

Thanks, adding to the list.
Rob Schley - Joomla! Development Working Group - Open Source Matters Board
WebImagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
User avatar
RobS
Joomla! Ace
Joomla! Ace
 
Posts: 1552
Joined: Mon Dec 05, 2005 10:17 am
Location: New Orleans, LA, USA
Top

Re: Joomla Colophon

Postby elmoch on Wed Aug 02, 2006 11:15 pm

You can use JM-Credits instead of Colophon. JM-Credits doesn't have that vulnerability and is much more configurable than Colophon.

I hope you like it! ;)
My Extensions: JM-Recommend, JM-Credits, JM-Link Us (for J! 1.0.x). Find them in the 3rd Party Extensions Forum.
Joomla test installation: www.poraqui.net/joomla  User: test  Password: test
elmoch
Joomla! Engineer
Joomla! Engineer
 
Posts: 410
Joined: Fri Aug 26, 2005 10:13 pm
Location: Spain
Top

Re: Joomla Colophon

Postby infograf768 on Thu Aug 03, 2006 6:11 am

JM is MY trademark (short for Jean-Marie)  :laugh: :laugh: :laugh:

(just a French joke, totally OT)
Jean-Marie Simonet / infograf · http://www.info-graf.fr · GMT +2
Qui vult dare parva non debet magna rogare.
User avatar
infograf768
Joomla! Master
Joomla! Master
 
Posts: 11440
Joined: Fri Aug 12, 2005 3:47 pm
Location: •Translation Matters•
Top

Re: [ABANDONED] Joomla Colophon

Postby kaizen on Tue Aug 29, 2006 11:33 pm

Colophon is now in version 1.3.1 which includes fixes for the vulnerabiilities listed as well as some other updates.  Site, which was NEVER 'defaced' BTW,  is now back up and is in the process of being fully restored.

I have not abandoned this project or the other works at SchoolastechWorks, which include BadWords2 and I hope to get back on my feet after a extremely trying string of personal hardships and two tragic losses.

I'd appreciate it if the mods would update the listing as appropriate.
Last edited by kaizen on Tue Aug 29, 2006 11:35 pm, edited 1 time in total.
Robert Anthony Pitera
West of East, Inc. - http://www.westofeast.com - Taking technology in new directions™
SchoolastechWorks - http://www.schoolastech.com - Joomla Educational Development
User avatar
kaizen
Joomla! Engineer
Joomla! Engineer
 
Posts: 313
Joined: Fri Aug 26, 2005 5:05 am
Location: Pennsylvania, USA
Top
Post a reply

Return to 3rd Party/Non Joomla! Security Issues

Who is online

Users browsing this forum: No registered users and 4 guests