Joomla! • View topic - [ABANDONED] Hashcash Component <= v1.2.1 Remote File Include Vulnerabilities

Joomla!®
Welcome to Joomla!

Joomla! is an award-winning open source CMS for building powerful websites.

Recent Joomla! News
Support Joomla!
- Shop Joomla! Gear
- Contribution
About
What Is Joomla?

Joomla is an award-winning content management system (CMS), which enables you to build Web sites and powerful online applications.
Read more...

Joomla! for Business

Joomla! is a extremely customizable and adaptable for Enterprise, SMBs, NPOs and beyond. Read more...

Joomla! for Developers

No matter what level of experience you hold, Joomla! has strengths to match; programmers, designers and end users alike!Read more...

Learn more about Joomla!
- The Software
- The Project
- The Leadership
- Open Source Matters
Community & Support
Connect!
Support!
Read!
Get involved with Joomla!

Joomla is an open source project and contributions from the community are essential to its growth and success. Anyone can contribute on any level, even newcomers can contribute to Joomla. Read more...
Extend
Directories
Developers
Download
Download Joomla! 2.5
- 2.5 Full Package
- Update Packages
- Demo Joomla! 2.5
Download Joomla! 1.5
- 1.5 Full Package
- Update Packages
- Demo Joomla! 1.5
Getting Started with Joomla!
Internationalization
Internationalization

Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x » 3rd Party/Non Joomla! Security Issues

[ABANDONED] Hashcash Component <= v1.2.1 Remote File Include Vulnerabilities

Moderators: mandville, lafrance, General Support Moderators

Page 1 of 1

[ 2 posts ]

Print view

Previous topic | Next topic

Author

Message

gustavo

Post subject: [ABANDONED] Hashcash Component <= v1.2.1 Remote File Include Vulnerabilities

Posted: Wed Jul 12, 2006 3:07 pm

Joomla! Explorer

Joined: Fri Aug 19, 2005 12:51 pm
Posts: 427
Location: Argentina

Quote:

Author : Matdhule
Contact : matdhule@gmail.com
Application : com_hashcash components
Version : latest version [1.2.1]
Download : http://developer.joomla.org/sf/frs/do/v ... m_hashcash

Have a nice day
Gustavo

_________________
Comunidad Joomla: Maintenance, support, translation and distribution for the Joomla!. Help site online. Member of the Spanish [es_ES] Joomla Translation Team. http://comunidadjoomla.org

Last edited by RobS on Thu Jul 27, 2006 8:15 am, edited 1 time in total.

Top

gustavo

Post subject: Re: Hashcash Mambo Component <= v1.2.1 Remote File Include Vulnerabilities

Posted: Fri Jul 14, 2006 12:58 pm

Joomla! Explorer

Joined: Fri Aug 19, 2005 12:51 pm
Posts: 427
Location: Argentina

and two days after, the official report on secutiry related sites..

Quote:

Advisory ID : FrSIRT/ADV-2006-2802
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-07-14

Technical Description
A vulnerability has been identified in Hashcash (component for Joomla!), which may be exploited by attackers to execute arbitrary commands. This flaw is due to an input validation error in the "server.php" script that fails to validate the "mosConfig_absolute_path" parameter, which could be exploited by remote attackers to include malicious files and execute arbitrary commands with the privileges of the web server.

Have a nice day
Gustavo

Top

Page 1 of 1

[ 2 posts ]

Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x » 3rd Party/Non Joomla! Security Issues

Who is online

Users browsing this forum: No registered users and 9 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:

Welcome to Joomla!

Recent Joomla! News

Support Joomla!

What Is Joomla?

Joomla! for Business

Joomla! for Developers

Learn more about Joomla!

Connect!

Support!

Read!

Get involved with Joomla!

Directories

Developers

Download Joomla! 2.5

Download Joomla! 1.5

Getting Started with Joomla!

Internationalization

The Joomla! Forum ™

[ABANDONED] Hashcash Component <= v1.2.1 Remote File Include Vulnerabilities

Who is online