The Joomla! Forum ™





Posted: Sun Jul 23, 2006 10:11 pm
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
[MOD: All information on vulnerable 3rd party extensions has been moved to the Joomla! Wiki]
http://docs.joomla.org/Vulnerable_Extensions_List

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Last edited by rliskey on Fri Jul 06, 2007 5:03 pm, edited 1 time in total.

Posted: Sat Jul 29, 2006 7:06 pm
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
Updated.  Added A6MamboHelpDesk to the list of vulnerable components and also updated the information for LoudMouth as it has reportedly been fixed now.

Last updated July 29, 2006 @ 12:06 PM PDT.

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Posted: Tue Aug 01, 2006 6:40 am
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
Updated again.  Added 7 components to the naughty list.

PC Cook Book
User Home Pages 1 and 2
Mambo Gallery Manager
JD-WordPress
Colophon
LMO
Bayesian Naive Filter

That brings this list to 34 components.
Last updated on July 31, 2006 @ 11:34 PM PDT.

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Posted: Thu Aug 10, 2006 8:46 am
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
Updated Again...

Added
JD-Wiki
Community Builder (com_profiler)  ((Thank you JM!))
Updated status for LMO
Updated link for SMF Bridge (for SMF 1.1RC2 only)

Last updated on August 10th, 2006 at 1:45 AM PDT (GMT-7)

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Posted: Thu Aug 10, 2006 9:15 am
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
I forgot some...

Added:
Classifieds
Events
Hot Properties

Last updated on August 10th, 2006 at 2:15 AM PDT (GMT-7)

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Posted: Thu Aug 10, 2006 7:07 pm
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
Added Blogg-X Mambot. - Removed Blogg-X.  It does not appear to be vulnerable upon further investigation.
Updated information about Security Images.

That brings the number of insecure 3rd party extensions up to 40 extensions.

Last updated on August 12th, 2006 at 11:16 AM PDT (GMT-7)

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Last edited by RobS on Sat Aug 12, 2006 6:17 pm, edited 1 time in total.

Posted: Sat Aug 12, 2006 6:18 pm
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
Removed Blogg-X.  Upon further investigation Blogg-X does not appear to be vulnerable.

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Posted: Tue Aug 15, 2006 5:59 am
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 17327
Location: **Translation Matters**
Temporarily added the abandoned Webring component until updated by Robs.

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
Joomla Translation Coordination Team • Joomla! Production Working Group


Posted: Tue Aug 15, 2006 6:58 pm
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15753
Update has come in about Mosets Hot Property, their 0.98 release should fix the security issues. Still need to verify before we change the current listing.

Regards Robin

_________________
Regards Robin

http://www.linkedin.com/in/robinmuilwijk - http://twitter.com/i_robin


Posted: Wed Aug 16, 2006 7:16 am
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15753
I have received a reply from the developer of Mosets Tree and Hot Property. Mosets Tree 1.5.9 and Hot Property 0.98 are now solving the security issues. The list will be changed accordingly.

_________________
Regards Robin

http://www.linkedin.com/in/robinmuilwijk - http://twitter.com/i_robin


Posted: Fri Aug 18, 2006 4:22 am
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 17327
Location: **Translation Matters**
See here for hacks concerning Joomlaboard 1.1.2 and CB 1.0.1 to make them compatible with register globals off as set in globals.php

http://forum.joomla.org/index.php/topic,86525.0.html

(please integrate in your list, Robs)

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
Joomla Translation Coordination Team • Joomla! Production Working Group


Posted: Fri Aug 18, 2006 6:33 am
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15753
Thanks JM, added as a note/reference to the listing.

_________________
Regards Robin

http://www.linkedin.com/in/robinmuilwijk - http://twitter.com/i_robin


Posted: Fri Aug 18, 2006 11:23 am
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15753
Added JIM 1.0.1. (PMS) to the list, regarding http://secunia.com/advisories/21545/

(http://extensions.joomla.org/component/ ... Itemid,35/)

Robin

_________________
Regards Robin

http://www.linkedin.com/in/robinmuilwijk - http://twitter.com/i_robin


Posted: Fri Aug 18, 2006 11:34 am
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15753
Added Mambelfish 1.x due to report: http://secunia.com/advisories/21544/

_________________
Regards Robin

http://www.linkedin.com/in/robinmuilwijk - http://twitter.com/i_robin


Posted: Wed Aug 23, 2006 7:11 am
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 17327
Location: **Translation Matters**
JCE vulnerability. Patch available.
http://www.cellardoor.za.net/index.php? ... mla.org%29

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
Joomla Translation Coordination Team • Joomla! Production Working Group


Posted: Sat Aug 26, 2006 8:32 am
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 17327
Location: **Translation Matters**
I am informed a JCE 1.1 release is soon to get out. All potential holes will be plugged.

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
Joomla Translation Coordination Team • Joomla! Production Working Group


Posted: Sun Aug 27, 2006 8:38 am
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 17327
Location: **Translation Matters**
SEF404x has been found vulnerable.
No crack known yet.
Developer contacted.
Extension taken off from JED until fixed.

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
Joomla Translation Coordination Team • Joomla! Production Working Group


Posted: Fri Sep 01, 2006 10:10 am
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
Updated again...

Added BigApe Backup
Added SEF404x
Updated Colophon

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Posted: Tue Sep 05, 2006 4:54 am
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 17327
Location: **Translation Matters**
Remository v3.25 vulnerable.
Update to 3.26

See http://forum.joomla.org/index.php/topic ... #msg461272

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
Joomla Translation Coordination Team • Joomla! Production Working Group


Posted: Thu Sep 28, 2006 8:04 am
Joomla! Master

Joined: Thu Aug 18, 2005 7:13 am
Posts: 16549
Added Facile Forms 1.46g and older, upgrade available.

_________________
Joomla forum global moderator.

Have fun


Posted: Thu Oct 05, 2006 7:32 am
Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway
The Official List of Vulnerable 3rd Party/Non Joomla! Extensions is the new home for information on vulnerable 3rd party extensions. It contains a table style overview of all known vulnerable extensions with links to detailed information on each one.
http://forum.joomla.org/index.php/board,346.0.html

This thread will remain for announcements and discussions related to vulnerable 3rd party extension security issues.

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com


Last edited by rliskey on Thu Oct 05, 2006 7:40 am, edited 1 time in total.

Posted: Sat Oct 21, 2006 1:45 am
Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway
The Big Ape entry was updated with a link to a patch that was released by the developer.

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com


Posted: Sat Oct 21, 2006 1:49 am
Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway
Joomlaboard entry has been updated to advise upgrade to version 1.1.3
http://forum.joomla.org/index.php/topic ... #msg501968

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com


Posted: Sun Oct 22, 2006 4:45 am
Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway
BSQ Site Stats entry updated due to SQL injection vulnerability.
http://forum.joomla.org/index.php/topic,100146

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com


Posted: Mon Nov 13, 2006 7:49 pm
Joomla! Master

Joined: Thu Aug 18, 2005 7:13 am
Posts: 16549
Security issue with JCE 1.0.4, please read here

_________________
Joomla forum global moderator.

Have fun


Posted: Sat Jan 06, 2007 6:09 am
Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway
Added a link to the Adobe Reader XSS vulnerability report. This is not a Joomla! or third party issue, but because so many sites use PDF files, I think it's worth noting.

http://forum.joomla.org/index.php/topic ... #msg506694

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com


Posted: Tue Mar 13, 2007 6:11 pm
Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway
VirtueMart vulnerability reported by the vendor. For all versions below 1.0.10.
Patch available; upgrade immediately.
http://forum.joomla.org/index.php/topic,150053

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com


Posted: Sun Mar 18, 2007 9:56 pm
Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway
Seems there's a vulnerable, abandoned project floating around called "Link Directory" that some people are finding and installing.

Name: Link Directory
Short Name: com_linkdirectory
Versions: All (abandoned project)
Reference: http://forum.joomla.org/index.php?topic=149131.new#new

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com


Last edited by rliskey on Sun Mar 18, 2007 9:58 pm, edited 1 time in total.

Posted: Sun May 13, 2007 8:56 pm
Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway
The Official Vulnerable Extensions List is now hosted on the Help site, in the FAQs section.

The Security and Performance FAQs are an easy-to-navigate list of essential information gleaned from quality Security Forum posts.


_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com


Last edited by rliskey on Sun May 13, 2007 9:07 pm, edited 1 time in total.

Posted: Thu Jun 21, 2007 7:10 pm
Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway
The Vulnerable Extensions List is once again improved. All data is now available in one view.
http://help.joomla.org/component/option ... temid,268/

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com

