2 new exploit

lafrance · Post by **lafrance** » Thu Dec 10, 2009 8:14 pm

Mamboleto Component 2.0 RC3 sqlinjection
and
'corePHP' JPhoto

PhilD · Post by **PhilD** » Fri Dec 11, 2009 12:54 am

Could you provide more information on the issues the extensions have and a link to where the issues were reported to?

This will help in verifying the issues so a determination can be made as to place on the vulnerability list or not.

lafrance · Post by **lafrance** » Fri Dec 11, 2009 1:11 am

PhilD wrote:Could you provide more information on the issues the extensions have and a link to where the issues were reported to?

This will help in verifying the issues so a determination can be made as to place on the vulnerability list or not.

hello!

posted them both on our http://docs.joomla.org/Investigation_of ... ation_list
from the list on http://www.exploit-db.com/webapps

PhilD · Post by **PhilD** » Fri Dec 11, 2009 3:37 am

Thanks for the additional information

spignataro · Post by **spignataro** » Sun Dec 13, 2009 2:54 am

Please removed JPhoto - patch has been released.

Kindest regards,

Post by **mandville** » Sun Dec 13, 2009 4:13 am

The vulnerabilities were moved to the main http://docs.joomla.org/Vulnerable_Extensions_List and have been removed from the investigation list

spignataro wrote:Please removed JPhoto - patch has been released.

Kindest regards,

Hello,
as stated on the list http://docs.joomla.org/Vulnerable_Extensions_List

Items will be removed after a suitable period and not on resolution <snip>
Finally a link to the notice about any update with link or Not Known where none is known.

Can you please provide a link to the update so we can add it to the list?

Having an update does not mean the users are aware of the vulnerability or update, hence we don't automatically remove it on resolution
Thanks

spignataro · Post by **spignataro** » Sun Dec 13, 2009 4:46 am

mandville,

http://www.corephp.com/blog/uber-fast-j ... y-release/

Here is the posting for JPhoto. Release is already been made available to our user base.

Kindest regards,

lafrance · Post by **lafrance** » Sun Dec 13, 2009 6:09 am

spignataro wrote:Please removed JPhoto - patch has been released.

Kindest regards,

Hello!

Thank you done,PhilD could you edit main page to reflect this also.

Thank You

Post by **mandville** » Sun Dec 13, 2009 10:18 am

Link and status updated on the VEL to show the developer update.

PhilD · Post by **PhilD** » Sun Dec 13, 2009 2:22 pm

Thanks, for making the page edit to the VEL mandville.

VEL - I like that it is easier to spell

Post by **mandville** » Sun Dec 13, 2009 2:36 pm

PhilD wrote:Thanks, for making the page edit to the VEL mandville.

VEL - I like that it is easier to spell

December even has its own http://[no tiny url]/vel1209

The Joomla! Forum™

2 new exploit

2 new exploit

Re: 2 new exploit

Re: 2 new exploit

Re: 2 new exploit

Re: 2 new exploit

Re: 2 new exploit

Re: 2 new exploit

Re: 2 new exploit

Re: 2 new exploit

Re: 2 new exploit

Re: 2 new exploit