The Joomla! Forum ™





PostPosted: Mon Jul 31, 2006 1:26 pm 
Joomla! Guru

Joined: Wed Aug 17, 2005 11:26 pm
Posts: 903
Remote file inclusion in admin.colophon.php. Vulnerable version = 1.2, other versions may also be affected.

_________________
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info


Last edited by RobS on Tue Aug 29, 2006 11:35 pm, edited 1 time in total.

 
 Post subject: Re: Joomla Colophon
PostPosted: Mon Jul 31, 2006 1:48 pm 
Joomla! Master

Joined: Fri Aug 12, 2005 7:19 am
Posts: 10491
Location: Leeds, UK
http://secunia.com/advisories/21288/

_________________
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/


Last edited by infograf768 on Mon Jul 31, 2006 2:14 pm, edited 1 time in total.

 
 Post subject: Re: Joomla Colophon
PostPosted: Mon Jul 31, 2006 2:16 pm 
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 17264
Location: **Translation Matters**
Changed title to reflect Secunia advisory.

Developer's site has been defaced btw:
http://www.sirjoe.it/components/com_jd- ... k.php?p=77

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
Joomla Translation Coordination Team • Joomla! Production Working Group


 
 Post subject: Re: Joomla Colophon
PostPosted: Tue Aug 01, 2006 6:15 am 
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
Thanks, adding to the list.

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


 
 Post subject: Re: Joomla Colophon
PostPosted: Wed Aug 02, 2006 11:15 pm 
Joomla! Explorer

Joined: Fri Aug 26, 2005 10:13 pm
Posts: 410
Location: Spain
You can use JM-Credits instead of Colophon. JM-Credits doesn't have that vulnerability and is much more configurable than Colophon.

I hope you like it! ;)

_________________
My Extensions: JM-Recommend, JM-Credits, JM-Link Us (for J! 1.0.x). Find them in the 3rd Party Extensions Forum.
Joomla test installation: www.poraqui.net/joomla  User: test  Password: test


 
 Post subject: Re: Joomla Colophon
PostPosted: Thu Aug 03, 2006 6:11 am 
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 17264
Location: **Translation Matters**
JM is MY trademark (short for Jean-Marie)  :laugh: :laugh: :laugh:

(just a French joke, totally OT)

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
Joomla Translation Coordination Team • Joomla! Production Working Group


 
PostPosted: Tue Aug 29, 2006 11:33 pm 
Joomla! Explorer

Joined: Fri Aug 26, 2005 5:05 am
Posts: 294
Location: Pennsylvania, USA
Colophon is now in version 1.3.1, which includes fixes for the vulnerabilities listed as well as some other updates. Site, which was NEVER 'defaced' BTW, is now back up and is in the process of being fully restored.

I have not abandoned this project or the other works at SchoolastechWorks, which include BadWords2, and I hope to get back on my feet after an extremely trying string of personal hardships and two tragic losses.

I'd appreciate it if the mods would update the listing as appropriate.

_________________
Robert Anthony Pitera
West of East, Inc. - http://www.westofeast.com - Taking technology in new directions™


Last edited by kaizen on Tue Aug 29, 2006 11:35 pm, edited 1 time in total.

 