1. Problem - Not using httponly flag,
2. Problem - Using vulnerable script jQuery 1.3.2 (JS)
They didn't mention a problem with the old CMS version!
Are those 2 problems due to the old version of my site (Joomla 1.5.26)?
Can I fix these problems without upgrading to Joomla 2.5 or Joomla 3.x?
Are those two problems big security vulnerabilities?
Would an upgrade to Joomla 2.5 or 3.0 automatically solve those problems?
Thank you very much!
Problem Description :: Forum Post Assistant (v1.2.4) : 18th March 2015 wrote:
Revision company made a vulnerability scan and got results: 1. Not using httponly flag, 2. Using vulnerable script jQuery 1.3.2 (JS)
Last PHP Error(s) Reported :: Forum Post Assistant (v1.2.4) : 18th March 2015 wrote:
[18-Mar-2015 17:03:58 UTC] PHP Warning: curl_setopt() [<a href='function.curl-setopt'>function.curl-setopt</a>]: CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set in /home/url/public_html/plugins/authentication/gmail.php on line 66
Forum Post Assistant (v1.2.4) : 18th March 2015 wrote:
Basic Environment :: wrote:
Joomla! Instance :: Joomla! 1.5.26-Stable (senu takaa ama busani) 27-March-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: vzzzhr (uid: 1/gid: 1) | Group: vzzzhr (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 0 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 1 | FTP Layer: 0 | SSL: 0 | Error Reporting: 0 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes
Host Configuration :: OS: Linux | OS Version: 2.6.32-531.29.2.lve1.3.11.1.el6.x86_64 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /home/url/public_html | System TMP Writable: Yes
PHP Configuration :: Version: 5.3.29 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 6135 | Log Errors To: error_log | Last Known Error: 18th March 2015 20:07:43. | Register Globals: | Magic Quotes: | Safe Mode: 1 | Open Base: | Uploads: 1 | Max. Upload Size: 64M | Max. POST Size: 8M | Max. Input Time: 120 | Max. Execution Time: 60 | Memory Limit: 256M
MySQL Configuration :: Version: 5.6.23 (Client:5.6.23) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 11.53 MiB | #of Tables: 61
Detailed Environment :: wrote:
PHP Extensions :: Core (5.3.29) | date (5.3.29) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | standard (5.3.29) | Phar (2.0.1) | posix () | Reflection ($Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $) | imap () | SimpleXML (0.1) | soap () | sockets () | exif (1.4 $Id$) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | cgi-fcgi () | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | pdo_mysql (1.0.2) | imagick (3.1.2) | SQLite (2.0-dev) | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |
Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:
Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |
Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:
Components :: SITE :: Wrapper (1.5.0) | MailTo (1.5.0) | User (1.5.0) | Gantry (3.0.6) |
Components :: ADMIN :: VVisit_Counter (2.0) | JoomGallery (1.5.7.5) | Weblinks (1.5.0) | EasyBook Reloaded (2.0.4) | Mass Mail (1.5.0) | Messaging (1.5.0) | Installation Manager (1.5.0) | Frontpage (1.5.0) | Content Page (1.5.0) | Search (1.5.0) | Plugin Manager (1.5.0) | Configuration Manager (1.5.0) | Media Manager (1.5.0) | Template Manager (1.5.0) | Contact Items (1.0.0) | Module Manager (1.5.0) | Polls (1.5.0) | RokModule (1.2) | Menus Manager (1.5.0) | Newsfeeds (1.5.0) | Banners (1.5.0) | Control Panel (1.5.0) | Akeeba (3.0) | RokDownloads Bundle (1.0.1) | QTablePrefix (1.0.7) | RokDownloads (1.0.1) | Cache Manager (1.5.0) | Language Manager (1.5.0) | User Manager (1.5.0) | WeblinksWT (1.0.0) | Gantry (3.0.6) | RokCandy (1.2) | Trash (1.0.0) | RokNavMenu Bundle (1.12) | RokCandy Bundle (1.2) | JCE (1.5.7) |
Modules :: SITE :: Custom HTML (1.5.0) | RokAjaxSearch (1.9) | Sections (1.5.0) | JoomImages for JoomGallery (1.5.5.1) | Feed Display (1.5.0) | Lof ArticlesSroller Module (1.0.0) | Statistics (1.5.0) | RokNavMenu (1.12) | Rokdownloads Latest Downloads (1.0.1) | Newsflash (1.5.0) | Related Items (1.0.0) | JoomGallery Stats for JoomGall (1.5.5) | Latest News (1.5.0) | Breadcrumbs (1.5.0) | JoomJComments (1.5 BETA3) | GTranslate (1.5.x.19) | JoomCategories for JoomGallery (1.5.7.1) | Login (1.5.0) | Wrapper (1.0.0) | Related Articles Plus (1.1.0) | RokNewsflash (1.4) | Categorie_Menu (1.6b) | Menu (1.5.0) | Banner (1.5.0) | Footer (1.5.0) | Search (1.0.0) | Poll (1.5.0) | AutGen menu (2.2) | RokTabs (1.20) | Vinaora Visitors Counter (2.0) | RokDownloads Most Downloaded (1.0.1) | JoomGallery Treeview (1.5.7.1) | RokWeather (0.8) | Rokdownloads Recently Updated (1.0.1) | WebLink Information (1.1.2) | Who\'s Online (1.0.0) | Random Image (1.5.0) | Archived Content (1.5.0) | Most Read Content (1.5.0) | Shout Box (1.2.0) | EasyBook Reloaded - Latest Ent (2.0.2) | Syndicate (1.5.0) | RokStories (1.8) |
Modules :: ADMIN :: Custom HTML (1.5.0) | Feed Display (1.5.0) | Items Stats (1.0.0) | Admin Submenu (1.0.0) | Popular Items (1.0.0) | Toolbar (1.0.0) | Unread Items (1.0.0) | Logged in Users (1.0.0) | User Status (1.5.0) | Login Form (1.0.0) | Admin Menu (1.0.0) | Latest News (1.0.0) | Footer (1.0.0) | Quick Icons (1.0.0) | Online Users (1.0.0) | Title (1.0.0) |
Plugins :: SITE :: System - KeyCAPTCHA (5.0.9) | System - Log (1.5) | System - RokBox (2.3) | System - Cache (1.5) | System - Joo Recaptcha (1.5.8) | System - RokCandy (1.2) | System - RokGZipper (1.8) | System - Debug (1.5) | System - Legacy (1.5) | System - RokGantry Cache (1.0) | System - SEF (1.5) | System - Vinaora Visitors Coun (2.0) | System - Backlinks (1.5) | System - Remember Me (1.5) | System - Mootools Upgrade (1.5) | Authentication - OpenID (1.5) | Authentication - Example (1.5) | Authentication - LDAP (1.5) | Authentication - Joomla (1.5) | Authentication - GMail (1.5) | XML-RPC - Joomla API (1.0) | XML-RPC - Blogger API (1.0) | JoomGallery - Display CB Name (1.5) | JoomGallery - Integrate EasyCa (1.5 BETA) | JoomGallery - Display JomSocia (1.5 BETA) | JoomGallery - JoomJCom (1.5 BETA5) | JoomGallery - Integrate Slimbo (1.5.2) | User - Example (1.0) | User - Joomla! (1.5) | Search - RokDownloads (1.0.1) | Search - Sections (1.5) | Search - Contacts (1.5) | Search - Newsfeeds (1.5) | Search - Content (1.5) | Search - Categories (1.5) | Search - Weblinks (1.5) | AllVideos (by JoomlaWorks) (3.1) | Content - RokDownloads Link (1.0.1) | Content - RokBox (1.6) | Content - Pagebreak (1.5) | Inhalt - JoomGallery insert im (1.5 BETA2) | Content - Example (1.0) | googleMaps (1.5.10) | Content - Email Cloaking (1.5) | Simple Image Gallery (by Jooml (2.2) | Simple Image Gallery Plugin (1.2.1) | Content - Page Navigation (1.5) | Content - Load Modules (1.5) | Content - WebLinks (1.0) | Content - Code Highlighter (Ge (1.5) | Content - Vote (1.5) | RokNavMenu - Boost (1.12) | RokNavMenu - Extended Link (1.12) | Button - RokDownload Link (1.5.0) | Button - Pagebreak (1.5) | Button - Readmore (1.5) | Button - RokCandy (1.2) | Button - Image (1.0.0) | Editor - JCE 1.5.6 (1.5.6) | Editor - XStandard Lite for Jo (1.0) | Editor - RokPad (1.2) | Editor - TinyMCE 3 (3.2.6) | Advanced Code Editor (1.5.6) | File Browser (1.5.0 Stable) | File Manager (1.5.0 Stable) | Image Manager Extended (1.5.5) | Object Support (1.5.1) | Paste (1.5.0) | Paste (1.5.6) | Image Manager (1.5.2) | Advanced Link (1.5.1) | Joomla! Links for Advanced Lin (1.2.1) | SpellChecker (2.0.0) |
Templates Discovered :: wrote:
Templates :: SITE :: rhuk_milkyway (1.0.2) | beez (1.0.0) | JA_Purity (1.2.0) | rt_panacea_j15 (1.5.2) |
Templates :: ADMIN :: Khepri (1.0) |