2 new exploit
Moderator: General Support Moderators
Forum rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
- lafrance
- Joomla! Ace
- Posts: 1116
- Joined: Thu Jan 11, 2007 5:02 pm
- Location: Alberta,Canada
- Contact:
2 new exploit
Mamboleto Component 2.0 RC3 SQL injection
and
'corePHP' JPhoto
VEL contributor @ http://docs.joomla.org/Investigation_of_exploits
OSM,Trademark and Licensing Team,jed editor
Please no pm direct contact irc freenode.net #joomla
- PhilD
- Joomla! Hero
- Posts: 2737
- Joined: Sat Oct 21, 2006 10:20 pm
- Location: Wisconsin USA
- Contact:
Re: 2 new exploit
Could you provide more information on the issues the extensions have and a link to where the issues were reported to?
This will help in verifying the issues so a determination can be made as to place on the vulnerability list or not.
PhilD
- lafrance
- Joomla! Ace
- Posts: 1116
- Joined: Thu Jan 11, 2007 5:02 pm
- Location: Alberta,Canada
- Contact:
Re: 2 new exploit
hello!
PhilD wrote: Could you provide more information on the issues the extensions have and a link to where the issues were reported to?
This will help in verifying the issues so a determination can be made as to place on the vulnerability list or not.
posted them both on our http://docs.joomla.org/Investigation_of ... ation_list
from the list on http://www.exploit-db.com/webapps
VEL contributor @ http://docs.joomla.org/Investigation_of_exploits
OSM,Trademark and Licensing Team,jed editor
Please no pm direct contact irc freenode.net #joomla
- PhilD
- Joomla! Hero
- Posts: 2737
- Joined: Sat Oct 21, 2006 10:20 pm
- Location: Wisconsin USA
- Contact:
- spignataro
- Joomla! Ace
- Posts: 1179
- Joined: Thu Aug 18, 2005 3:31 pm
- Location: Battle Creek, MI
- Contact:
Re: 2 new exploit
Please remove JPhoto - patch has been released.
Kindest regards,
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: 2 new exploit
Hello,
spignataro wrote: Please remove JPhoto - patch has been released.
Kindest regards,
The vulnerabilities were moved to the main http://docs.joomla.org/Vulnerable_Extensions_List and have been removed from the investigation list
as stated on the list http://docs.joomla.org/Vulnerable_Extensions_List
Can you please provide a link to the update so we can add it to the list?
Items will be removed after a suitable period and not on resolution <snip>
Finally a link to the notice about any update with link or Not Known where none is known.
Having an update does not mean the users are aware of the vulnerability or update, hence we don't automatically remove it on resolution
Thanks
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
- spignataro
- Joomla! Ace
- Posts: 1179
- Joined: Thu Aug 18, 2005 3:31 pm
- Location: Battle Creek, MI
- Contact:
Re: 2 new exploit
mandville,
http://www.corephp.com/blog/uber-fast-j ... y-release/
Here is the posting for JPhoto. Release has already been made available to our user base.
Kindest regards,
- lafrance
- Joomla! Ace
- Posts: 1116
- Joined: Thu Jan 11, 2007 5:02 pm
- Location: Alberta,Canada
- Contact:
Re: 2 new exploit
Hello!
spignataro wrote: Please remove JPhoto - patch has been released.
Kindest regards,
Thank you, done. PhilD, could you edit the main page to reflect this also?
Thank You
VEL contributor @ http://docs.joomla.org/Investigation_of_exploits
OSM,Trademark and Licensing Team,jed editor
Please no pm direct contact irc freenode.net #joomla
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: 2 new exploit
Link and status updated on the VEL to show the developer update.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
- PhilD
- Joomla! Hero
- Posts: 2737
- Joined: Sat Oct 21, 2006 10:20 pm
- Location: Wisconsin USA
- Contact:
Re: 2 new exploit
Thanks for making the page edit to the VEL, mandville.
VEL - I like that it is easier to spell
PhilD
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: 2 new exploit
December even has its own http://[no tiny url]/vel1209
PhilD wrote: Thanks for making the page edit to the VEL, mandville.
VEL - I like that it is easier to spell
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}