| Joomla! http://forum.joomla.org/ |
|
| Attention: Official List of Vulnerable 3rd Party Add-ons!!! http://forum.joomla.org/viewtopic.php?f=296&t=79477 |
Page 1 of 2 |
| Author: | RobS [ Sun Jul 23, 2006 10:11 pm ] |
| Post subject: | Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
[MOD: All information on vulnerable 3rd party extensions has been moved to the Joomla! Wiki] http://docs.joomla.org/Vulnerable_Extensions_List |
|
| Author: | RobS [ Sat Jul 29, 2006 7:06 pm ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Updated. Added A6MamboHelpDesk to the list of vulnerable components and also updated the information for LoudMouth as it has reportedly been fixed now. Last updated July 29, 2006 @ 12:06 PM PDT. |
|
| Author: | RobS [ Tue Aug 01, 2006 6:40 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Updated again. Added 7 components to the naughty list. PC Cook Book User Home Pages 1 and 2 Mambo Gallery Manager JD-WordPress Colophon LMO Bayesian Naive Filter That brings this list to 34 components. Last updated on July 31, 2006 @ 11:34 PM PDT. |
|
| Author: | RobS [ Thu Aug 10, 2006 8:46 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Updated Again... Added JD-Wiki Community Builder (com_profiler) ((Thank you JM!)) Updated status for LMO Updated link for SMF Bridge (for SMF 1.1RC2 only) Last updated on August 10th, 2006 at 1:45 AM PDT (GMT-7) |
|
| Author: | RobS [ Thu Aug 10, 2006 9:15 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
I forgot some... Added: Classifieds Events Hot Properties Last updated on August 10th, 2006 at 2:15 AM PDT (GMT-7) |
|
| Author: | RobS [ Thu Aug 10, 2006 7:07 pm ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Added Blogg-X Mambot. - Removed Blogg-X. It does not appear to be vulnerable upon further investigation. Updated information about Security Images. That brings the number of insecure 3rd party extensions up to 40 extensions. Last updated on August 12th, 2006 at 11:16 AM PDT (GMT-7) |
|
| Author: | RobS [ Sat Aug 12, 2006 6:18 pm ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Removed Blogg-X. Upon further investigation Blogg-X does not appear to be vulnerable. |
|
| Author: | infograf768 [ Tue Aug 15, 2006 5:59 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Temporarily added the abandonned Webring component until updated by Robs. |
|
| Author: | Robin [ Tue Aug 15, 2006 6:58 pm ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Update has come in about Mosets Hot Property, there 0.98 release should fix the security issues. Still need to verify before we change the current listing. Regards Robin |
|
| Author: | Robin [ Wed Aug 16, 2006 7:16 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
I have received a reply from the developer of Mosets Tree and Hot Property. Mosets Tree 1.5.9 and Hot Property 0.98 are now solving the security issues. The list will be changed accordingly. |
|
| Author: | infograf768 [ Fri Aug 18, 2006 4:22 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
See here for hacks concerning Joomlaboard 1.1.2 and CB 1.0.1 to make them compatible with register globals off as set in globals.php http://forum.joomla.org/index.php/topic,86525.0.html (please integrate in your list, Robs) |
|
| Author: | Robin [ Fri Aug 18, 2006 6:33 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Thanks JM, added as a note/reference to the listing. |
|
| Author: | Robin [ Fri Aug 18, 2006 11:23 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Added JIM 1.0.1. (PMS) to the list, regarding http://secunia.com/advisories/21545/ (http://extensions.joomla.org/component/ ... Itemid,35/) Robin |
|
| Author: | Robin [ Fri Aug 18, 2006 11:34 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Added Mambelfish 1.x due to report ; http://secunia.com/advisories/21544/ |
|
| Author: | infograf768 [ Wed Aug 23, 2006 7:11 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
JCE vulnerability. Patch available. http://www.cellardoor.za.net/index.php? ... mla.org%29 |
|
| Author: | infograf768 [ Sat Aug 26, 2006 8:32 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
I am informed a JCE 1.1 release is soon to get out. All potential holes will be plugged. |
|
| Author: | infograf768 [ Sun Aug 27, 2006 8:38 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
SEF404x has been found vulnerable. No crack known yet. Developer contacted. Extension taken off from JED until fixed. |
|
| Author: | RobS [ Fri Sep 01, 2006 10:10 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Updated again... Added BigApe Backup Added SEF404x Updated Colophon |
|
| Author: | infograf768 [ Tue Sep 05, 2006 4:54 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Remository v3.25 vulnerable. Update to 3.26 See http://forum.joomla.org/index.php/topic ... #msg461272 |
|
| Author: | Tonie [ Thu Sep 28, 2006 8:04 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Added Facile Forms 1.46g and older, upgrade available. |
|
| Author: | rliskey [ Thu Oct 05, 2006 7:32 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
The Official List of Vulnerable 3rd Party/Non Joomla! Extensions is the new home for information on vulnerable 3rd party extensions. It contains a table style overview of all known vulnerable extensions with links to detailed information on each one. http://forum.joomla.org/index.php/board,346.0.html This thread will remain for announcements and discussions related to vulnerable 3rd party extension security issues. |
|
| Author: | rliskey [ Sat Oct 21, 2006 1:45 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
The Big Ape entry was updated with a link to a patch that was released by the developer. |
|
| Author: | rliskey [ Sat Oct 21, 2006 1:49 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Joomlaboard entry has been updated to advise upgrade to version 1.1.3 http://forum.joomla.org/index.php/topic ... #msg501968 |
|
| Author: | rliskey [ Sun Oct 22, 2006 4:45 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
BSQ Site Stats entry updated due to SQL injection vulnerability. http://forum.joomla.org/index.php/topic,100146 |
|
| Author: | Tonie [ Mon Nov 13, 2006 7:49 pm ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Security issue with JCE 1.0.4, please read here |
|
| Author: | rliskey [ Sat Jan 06, 2007 6:09 am ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Added a link to the Adobe Reader XSS vulnerability report. This is not a Joomla! or third party issue, but because so many sites use PDF files, I think it's worth noting. http://forum.joomla.org/index.php/topic ... #msg506694 |
|
| Author: | rliskey [ Tue Mar 13, 2007 6:11 pm ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
VirtueMart vulnerability reported by the vendor. For all versions below 1.0.10. Patch available; upgrade immediately. http://forum.joomla.org/index.php/topic,150053 |
|
| Author: | rliskey [ Sun Mar 18, 2007 9:56 pm ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
Seems there's a vulnerable, abandoned project floating around called "Link Directory" that some people are finding and installing. Name: Link Directory Short Name: com_linkdirectory Versions: All (abandoned project) Reference: http://forum.joomla.org/index.php?topic=149131.new#new |
|
| Author: | rliskey [ Sun May 13, 2007 8:56 pm ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
The Official Vulnerable Extensions List is now hosted on the Help site, in the FAQs section. The Security and Performance FAQs are an easy-to-navigate list of essential information gleaned from quality Security Forum posts. |
|
| Author: | rliskey [ Thu Jun 21, 2007 7:10 pm ] |
| Post subject: | Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!! |
The Vulnerable Extensions List is once again improved. All data is now available in one view. http://help.joomla.org/component/option ... temid,268/ |
|
| Page 1 of 2 | All times are UTC |
| Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |
|