[UPGRADE AVAIL.] Joomla Colophon

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderator: General Support Moderators

Forum rules
Locked
User avatar
Elpie
Joomla! Guru
Joomla! Guru
Posts: 903
Joined: Wed Aug 17, 2005 11:26 pm
Contact:

[UPGRADE AVAIL.] Joomla Colophon

Post by Elpie » Mon Jul 31, 2006 1:26 pm

Remote file inclusion in admin.colophon.php. Vulnerable version = 1.2, other versions may also be affected.
Last edited by RobS on Tue Aug 29, 2006 11:35 pm, edited 1 time in total.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 12781
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: Joomla Colophon

Post by brian » Mon Jul 31, 2006 1:48 pm

Last edited by infograf768 on Mon Jul 31, 2006 2:14 pm, edited 1 time in total.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

User avatar
infograf768
Joomla! Master
Joomla! Master
Posts: 19133
Joined: Fri Aug 12, 2005 3:47 pm
Location: **Translation Matters**

Re: Joomla Colophon

Post by infograf768 » Mon Jul 31, 2006 2:16 pm

Changed ttle to reflect Secunia advisory.

Developper's site has beed defaced btw:
http://www.sirjoe.it/components/com_jd- ... k.php?p=77
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group

User avatar
RobS
Joomla! Ace
Joomla! Ace
Posts: 1366
Joined: Mon Dec 05, 2005 10:17 am
Location: New Orleans, LA, USA
Contact:

Re: Joomla Colophon

Post by RobS » Tue Aug 01, 2006 6:15 am

Thanks, adding to the list.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions

elmoch
Joomla! Explorer
Joomla! Explorer
Posts: 410
Joined: Fri Aug 26, 2005 10:13 pm
Location: Spain
Contact:

Re: Joomla Colophon

Post by elmoch » Wed Aug 02, 2006 11:15 pm

You can use JM-Credits instead of Colophon. JM-Credits doesn't have that vulnerability and is much more configurable than Colophon.

I hope you like it! ;)
My Extensions: JM-Recommend, JM-Credits, JM-Link Us (for J! 1.0.x). Find them in the 3rd Party Extensions Forum.
Joomla test installation: www.poraqui.net/joomla  User: test  Password: test

User avatar
infograf768
Joomla! Master
Joomla! Master
Posts: 19133
Joined: Fri Aug 12, 2005 3:47 pm
Location: **Translation Matters**

Re: Joomla Colophon

Post by infograf768 » Thu Aug 03, 2006 6:11 am

JM is MY trademark (short for Jean-Marie)  :laugh: :laugh: :laugh:

(just a French joke, totally OT)
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group

User avatar
kaizen
Joomla! Explorer
Joomla! Explorer
Posts: 294
Joined: Fri Aug 26, 2005 5:05 am
Location: Pennsylvania, USA
Contact:

Re: [ABANDONED] Joomla Colophon

Post by kaizen » Tue Aug 29, 2006 11:33 pm

Colophon is now in version 1.3.1 which includes fixes for the vulnerabiilities listed as well as some other updates.  Site, which was NEVER 'defaced' BTW,  is now back up and is in the process of being fully restored.

I have not abandoned this project or the other works at SchoolastechWorks, which include BadWords2 and I hope to get back on my feet after a extremely trying string of personal hardships and two tragic losses.

I'd appreciate it if the mods would update the listing as appropriate.
Last edited by kaizen on Tue Aug 29, 2006 11:35 pm, edited 1 time in total.
Robert Anthony Pitera
West of East, Inc. - http://www.westofeast.com - Taking technology in new directions™


Locked

Return to “3rd Party/Non Joomla! Security Issues”