Vulnerability List last 3 months from NVD - US Gov.
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Ace
- Posts: 1964
- Joined: Tue Jun 09, 2009 2:21 am
- Location: WV
- Contact:
Re: Vulnerability List last 3 months from NVD - US Gov.
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Vulnerability List last 3 months from NVD - US Gov.
think i got them all on the vulnerability list http://docs.joomla.org/Vulnerable_Extensions_List unless there's any others you can spot.
there are 2 that are currently under investigation (Joomla Component mygallery ( farbinform_krell) Remote SQL Injection Vulnerability) and (Google Calendar Component) to find which actual components they are etc
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
- ot2sen
- Joomla! Master
- Posts: 10381
- Joined: Thu Aug 18, 2005 9:58 am
- Location: Hillerød - Denmark
- Contact:
Re: Vulnerability List last 3 months from NVD - US Gov.
Latest LyftenBloggie 1.0.4 Secunia report from yesterday:
http://secunia.com/advisories/37499/
Sent a mail to dev. at their contact form to let them know.
Ole Bang Ottosen
Dansk frivillig Joomla! support websted - joomla.dk
OpenTranslators Core Team opentranslators.org
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Vulnerability List last 3 months from NVD - US Gov.
Thanks - added to list and JED reported
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
- xillibit
- Joomla! Apprentice
- Posts: 38
- Joined: Sun Feb 18, 2007 4:46 pm
- Location: France
Re: Vulnerability List last 3 months from NVD - US Gov.
Fireboard has vulnerabilities too, but is not in your list : http://jeffchannell.com/Joomla/kunena-f ... ility.html
UPDATE 3: Kunena is a Joomla 1.5 implementation of Fireboard. As it turns out, Fireboard is also vulnerable to this attack vector.
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Vulnerability List last 3 months from NVD - US Gov.
as we don't have any references to the fireboard vulnerability (that was posted Last Updated on Monday, 06 July 2009 22:15 ), or the time to test out any vulnerability, we have not listed it.
If the developer wishes to contact me via these forums to assure its users, we will be glad to leave it off the list!
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
- Joomla! Ace
- Posts: 1964
- Joined: Tue Jun 09, 2009 2:21 am
- Location: WV
- Contact:
Re: Vulnerability List last 3 months from NVD - US Gov.
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Vulnerability List last 3 months from NVD - US Gov.
yes, i am looking at this one atm, and don't you go all "wall of shame" post on me now JeffC
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Vulnerability List last 3 months from NVD - US Gov.
ok it's a repeat by a claimer skid.
both exploits i chased refer to version 1.0 VM now at 1.14
compare 10533 and 10407 talk about plagiarism....and it's already on the VEL
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
- Joomla! Ace
- Posts: 1964
- Joined: Tue Jun 09, 2009 2:21 am
- Location: WV
- Contact:
Re: Vulnerability List last 3 months from NVD - US Gov.
mandville wrote:ok it's a repeat by a claimer skid.
both exploits i chased refer to version 1.0 VM now at 1.14
compare 10533 and 10407 talk about plagiarism....and it's already on the VEL
Both are from the same person. I'm not sure this still works.
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι
-
- Joomla! Apprentice
- Posts: 15
- Joined: Thu May 04, 2006 6:26 am
Re: Vulnerability List last 3 months from NVD - US Gov.
Hi Team,
I'm the RAXO All-mode PRO developer (http://extensions.joomla.org/extensions ... news/11399).
I'd like to ask to republish our extension, please.
The vulnerability issue was because of an external thumbnail library (TimThumb). Within 12 hours I fixed the problem and released a new module version 1.5.0 where this library is updated to the latest secure version.
Security page notice:
http://raxo.org/forum/viewtopic.php?f=2&t=60#p2056
We have been sending our clients the updated version since yesterday. But it takes a couple of days to deliver the update to every customer from our list.
Thank you
Alex B.
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Vulnerability List last 3 months from NVD - US Gov.
Shur wrote:I'm the RAXO All-mode PRO developer (http://extensions.joomla.org/extensions ... news/11399).
I'd like to ask to republish our extension, please.
Please follow the procedure laid out in http://docs.joomla.org/Vulnerable_Exten ... om_the_VEL and then visit
http://[no tiny url]/velunlist
I am locking this topic as it is unrelated and your situation is dealt with by the procedures in the email you received.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}