Joomla! • View topic - Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x » 3rd Party/Non Joomla! Security Issues

Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Moderators: lafrance, mandville, General Support Moderators

Page 1 of 2

[ 40 posts ]

Go to page 1, 2 Next

Print view

Previous topic | Next topic

Author

Message

RobS

Post subject: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Sun Jul 23, 2006 10:11 pm

Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA

[MOD: All information on vulnerable 3rd party extensions has been moved to the Joomla! Wiki]
http://docs.joomla.org/Vulnerable_Extensions_List

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions

Last edited by rliskey on Fri Jul 06, 2007 5:03 pm, edited 1 time in total.

Top

RobS

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Sat Jul 29, 2006 7:06 pm

Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA

Updated. Added A6MamboHelpDesk to the list of vulnerable components and also updated the information for LoudMouth as it has reportedly been fixed now.

Last updated July 29, 2006 @ 12:06 PM PDT.

Top

RobS

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Tue Aug 01, 2006 6:40 am

Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA

Updated again. Added 7 components to the naughty list.

PC Cook Book
User Home Pages 1 and 2
Mambo Gallery Manager
JD-WordPress
Colophon
LMO
Bayesian Naive Filter

That brings this list to 34 components.
Last updated on July 31, 2006 @ 11:34 PM PDT.

Top

RobS

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Thu Aug 10, 2006 8:46 am

Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA

Updated Again...

Added
JD-Wiki
Community Builder (com_profiler) ((Thank you JM!))
Updated status for LMO
Updated link for SMF Bridge (for SMF 1.1RC2 only)

Last updated on August 10th, 2006 at 1:45 AM PDT (GMT-7)

Top

RobS

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Thu Aug 10, 2006 9:15 am

Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA

I forgot some...

Added:
Classifieds
Events
Hot Properties

Last updated on August 10th, 2006 at 2:15 AM PDT (GMT-7)

Top

RobS

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Thu Aug 10, 2006 7:07 pm

Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA

Added Blogg-X Mambot. - Removed Blogg-X. It does not appear to be vulnerable upon further investigation.
Updated information about Security Images.

That brings the number of insecure 3rd party extensions up to 40 extensions.

Last updated on August 12th, 2006 at 11:16 AM PDT (GMT-7)

Last edited by RobS on Sat Aug 12, 2006 6:17 pm, edited 1 time in total.

Top

RobS

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Sat Aug 12, 2006 6:18 pm

Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA

Removed Blogg-X. Upon further investigation Blogg-X does not appear to be vulnerable.

Top

infograf768

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Tue Aug 15, 2006 5:59 am

Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 16668
Location: **Translation Matters**

Temporarily added the abandonned Webring component until updated by Robs.

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
Joomla Translation Coordination Team • Joomla! Production Working Group

Top

Robin

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Tue Aug 15, 2006 6:58 pm

Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15750

Update has come in about Mosets Hot Property, there 0.98 release should fix the security issues. Still need to verify before we change the current listing.

Regards Robin

_________________
Regards Robin

http://www.linkedin.com/in/robinmuilwijk - http://twitter.com/i_robin

Top

Robin

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Wed Aug 16, 2006 7:16 am

Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15750

I have received a reply from the developer of Mosets Tree and Hot Property. Mosets Tree 1.5.9 and Hot Property 0.98 are now solving the security issues. The list will be changed accordingly.

_________________
Regards Robin

http://www.linkedin.com/in/robinmuilwijk - http://twitter.com/i_robin

Top

infograf768

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Fri Aug 18, 2006 4:22 am

Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 16668
Location: **Translation Matters**

See here for hacks concerning Joomlaboard 1.1.2 and CB 1.0.1 to make them compatible with register globals off as set in globals.php

http://forum.joomla.org/index.php/topic,86525.0.html

(please integrate in your list, Robs)

Top

Robin

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Fri Aug 18, 2006 6:33 am

Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15750

Thanks JM, added as a note/reference to the listing.

_________________
Regards Robin

http://www.linkedin.com/in/robinmuilwijk - http://twitter.com/i_robin

Top

Robin

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Fri Aug 18, 2006 11:23 am

Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15750

Added JIM 1.0.1. (PMS) to the list, regarding http://secunia.com/advisories/21545/

(http://extensions.joomla.org/component/ ... Itemid,35/)

Robin

_________________
Regards Robin

http://www.linkedin.com/in/robinmuilwijk - http://twitter.com/i_robin

Top

Robin

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Fri Aug 18, 2006 11:34 am

Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15750

Added Mambelfish 1.x due to report ; http://secunia.com/advisories/21544/

_________________
Regards Robin

http://www.linkedin.com/in/robinmuilwijk - http://twitter.com/i_robin

Top

infograf768

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Wed Aug 23, 2006 7:11 am

Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 16668
Location: **Translation Matters**

JCE vulnerability. Patch available.
http://www.cellardoor.za.net/index.php? ... mla.org%29

Top

infograf768

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Sat Aug 26, 2006 8:32 am

Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 16668
Location: **Translation Matters**

I am informed a JCE 1.1 release is soon to get out. All potential holes will be plugged.

Top

infograf768

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Sun Aug 27, 2006 8:38 am

Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 16668
Location: **Translation Matters**

SEF404x has been found vulnerable.
No crack known yet.
Developer contacted.
Extension taken off from JED until fixed.

Top

RobS

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Fri Sep 01, 2006 10:10 am

Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA

Updated again...

Added BigApe Backup
Added SEF404x
Updated Colophon

Top

infograf768

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Tue Sep 05, 2006 4:54 am

Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 16668
Location: **Translation Matters**

Remository v3.25 vulnerable.
Update to 3.26

See http://forum.joomla.org/index.php/topic ... #msg461272

Top

Tonie

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Thu Sep 28, 2006 8:04 am

Joomla! Master

Joined: Thu Aug 18, 2005 7:13 am
Posts: 16353

Added Facile Forms 1.46g and older, upgrade available.

_________________
Joomla forum global moderator.

Take care

Top

rliskey

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Thu Oct 05, 2006 7:32 am

Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway

The Official List of Vulnerable 3rd Party/Non Joomla! Extensions is the new home for information on vulnerable 3rd party extensions. It contains a table style overview of all known vulnerable extensions with links to detailed information on each one.
http://forum.joomla.org/index.php/board,346.0.html

This thread will remain for announcements and discussions related to vulnerable 3rd party extension security issues.

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com

Last edited by rliskey on Thu Oct 05, 2006 7:40 am, edited 1 time in total.

Top

rliskey

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Sat Oct 21, 2006 1:45 am

Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway

The Big Ape entry was updated with a link to a patch that was released by the developer.

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com

Top

rliskey

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Sat Oct 21, 2006 1:49 am

Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway

Joomlaboard entry has been updated to advise upgrade to version 1.1.3
http://forum.joomla.org/index.php/topic ... #msg501968

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com

Top

rliskey

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Sun Oct 22, 2006 4:45 am

Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway

BSQ Site Stats entry updated due to SQL injection vulnerability.
http://forum.joomla.org/index.php/topic,100146

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com

Top

Tonie

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Mon Nov 13, 2006 7:49 pm

Joomla! Master

Joined: Thu Aug 18, 2005 7:13 am
Posts: 16353

Security issue with JCE 1.0.4, please read here

_________________
Joomla forum global moderator.

Take care

Top

rliskey

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Sat Jan 06, 2007 6:09 am

Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway

Added a link to the Adobe Reader XSS vulnerability report. This is not a Joomla! or third party issue, but because so many sites use PDF files, I think it's worth noting.

http://forum.joomla.org/index.php/topic ... #msg506694

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com

Top

rliskey

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Tue Mar 13, 2007 6:11 pm

Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway

VirtueMart vulnerability reported by the vendor. For all versions below 1.0.10.
Patch available; upgrade immediately.
http://forum.joomla.org/index.php/topic,150053

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com

Top

rliskey

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Sun Mar 18, 2007 9:56 pm

Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway

Seems there's a vulnerable, abandoned project floating around called "Link Directory" that some people are finding and installing.

Name: Link Directory
Short Name: com_linkdirectory
Versions: All (abandoned project)
Reference: http://forum.joomla.org/index.php?topic=149131.new#new

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com

Last edited by rliskey on Sun Mar 18, 2007 9:58 pm, edited 1 time in total.

Top

rliskey

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Sun May 13, 2007 8:56 pm

Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway

The Official Vulnerable Extensions List is now hosted on the Help site, in the FAQs section.

The Security and Performance FAQs are an easy-to-navigate list of essential information gleaned from quality Security Forum posts.

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com

Last edited by rliskey on Sun May 13, 2007 9:07 pm, edited 1 time in total.

Top

rliskey

Post subject: Re: Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Posted: Thu Jun 21, 2007 7:10 pm

Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway

The Vulnerable Extensions List is once again improved. All data is now available in one view.
http://help.joomla.org/component/option ... temid,268/

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com

Top

Page 1 of 2

[ 40 posts ]

Go to page 1, 2 Next

Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x » 3rd Party/Non Joomla! Security Issues

Who is online

Users browsing this forum: No registered users and 3 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:

Welcome to Joomla!

Recent Joomla! News

Support Joomla!

What Is Joomla?

Joomla! for Business

Joomla! for Developers

Learn more about Joomla!

Connect!

Support!

Read!

Get involved with Joomla!

Directories

Developers

Download Joomla! 2.5

Download Joomla! 3.1

Getting Started with Joomla!

Internationalization

The Joomla! Forum ™

Attention: Official List of Vulnerable 3rd Party Add-ons!!!

Who is online