Difference between revisions of "Vulnerable Extensions List 0210"
From Joomla! Documentation
(New page: {| cellspacing="0" cellpadding="0" style="margin:0em 0em 1em 0em; width:100%" | colspan="1" style="width:100%; vertical-align:top; text-align: center; border:1px solid red; background-colo...) |
m (Tom Hutchison moved page Vulnerable Extensions List 0210 to Archived:Vulnerable Extensions List 0210: archiving) |
||
| (21 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
== February 2010 Reported Vulnerable Extensions == | == February 2010 Reported Vulnerable Extensions == | ||
<startFeed /> | <startFeed /> | ||
'''Please check with the extension publisher in case of any questions over the security of their product.''' | '''Please check with the extension publisher in case of any questions over the security of their product.''' | ||
| − | Report Vulnerable extensions either in the [[jforum:432]] security | + | Report Vulnerable extensions either in the [[jforum:432]] security topic clearly marked with the first word in the title being ''Vulnerable Report'' where the security moderators or JSST team will respond. For a guide to the [http://docs.joomla.org/Vulnerable_Extensions_List_0210#Codes_used codes] |
| − | |||
| − | |||
| − | |||
| − | [http://docs.joomla.org/ | ||
| − | |||
| + | [http://docs.joomla.org/Vulnerable_Extensions_List Previous Reports] | ||
{| class="wikitable sortable" border="1" | {| class="wikitable sortable" border="1" | ||
| Line 24: | Line 11: | ||
! '''Extension''' | ! '''Extension''' | ||
! class="unsortable"| '''Details''' | ! class="unsortable"| '''Details''' | ||
| − | ! ''' | + | ! '''Date Added''' |
| − | ! '''Extension Update Link''' | + | ! '''Extension Update Link & Date''' |
|- | |- | ||
| + | |style="background:red; color:white" | | ||
| − | + | == [http://extensions.joomla.org/extensions/multimedia/video-players-a-gallery/9501 Jvideodirect] == | |
| − | | | + | | SQLi |
| − | | | + | |Jan 29 |
| + | |style="background:red; color:white" | ''' Not Known''' | ||
|- | |- | ||
| + | |style="#cef2e0; color:black" | | ||
| − | + | == [http://extensions.joomla.org/extensions/calendars-a-events/events/95 JEvent] == | |
| − | | | + | | SQLi |
| − | | | + | |reported Jan 29 |
| − | | | + | |style="background:#cef2e0; color:black" | ''' fixes in version 1.5.3.b''' |
|- | |- | ||
| − | | | + | |style="background:red; color:white" | |
| − | | | + | == Item3 == |
| − | | | + | |3a |
| − | | | + | |3b |
| + | |3c | ||
|- | |- | ||
| − | | | + | |style="background:red; color:white" | |
| + | == Item4 == | ||
| | | | ||
| | | | ||
| Line 49: | Line 41: | ||
|} | |} | ||
<endFeed /> | <endFeed /> | ||
| + | |||
| + | ''This list is change protected, for updates or additions [http://forum.joomla.org/memberlist.php?mode=viewprofile&u=28000 Mandville] or [http://forum.joomla.org/memberlist.php?mode=viewprofile&u=87230 lafrance] | ||
| + | '' | ||
| + | |||
| + | |||
| + | |||
| + | == Codes used == | ||
| + | SQLi - SQL injection [http://en.wikipedia.org/wiki/Code_injection#SQL_injection wikipedia] | ||
| + | |||
| + | LFI - Local File Inclusion [http://www.scribd.com/doc/6498408/Remote-and-Local-File-Inclusion-Explained scribd] | ||
| + | |||
| + | RFI - Remote file inclusion [http://en.wikipedia.org/wiki/Remote_File_Inclusion wikipedia] | ||
| + | |||
| + | DT - Directory Traversal [http://en.wikipedia.org/wiki/Directory_traversal wikipedia] | ||
| + | |||
| + | == Developers - How to get yourself removed from the from the VEL == | ||
| + | |||
| + | Resolved items will be removed after a suitable period and not on resolution | ||
| + | |||
| + | Please solve the issues and: | ||
| + | |||
| + | * If JED listed | ||
| + | Attach the new zip file at your actual JED listing. | ||
| + | |||
| + | Change the extension version at JED listing. | ||
| + | |||
| + | Contact the JED by mail with a notice and ask them republish your listing. | ||
| + | |||
| + | |||
| + | * If not JED listed. | ||
| + | Inform us by PM of the link to your resolution notice on your website. | ||
| + | |||
| + | |||
| + | NB '''We do not fix, we report''' | ||
| + | |||
| + | |||
| + | == Notes == | ||
| + | We try and put the newest item to the top of the list but it is not always possible. | ||
| + | List as discussed in [[jtopic:455746]] by [http://forum.joomla.org/memberlist.php?mode=viewprofile&u=67439 PhilD] editing by [http://forum.joomla.org/memberlist.php?mode=viewprofile&u=28000 Mandville] | ||
| + | For instructions on how to [http://forum.joomla.org/viewtopic.php?f=432&t=478030 receive the feed.] | ||
| + | ---- | ||
| + | |||
| + | |||
| + | ---- | ||
| + | |||
| + | [[Category:Archived pages]] | ||
Latest revision as of 14:17, 15 January 2014
This page has been archived. This page contains information for an unsupported Joomla! version or is no longer relevant. It exists only as a historical reference, it will not be improved and its content may be incomplete and/or contain broken links.
February 2010 Reported Vulnerable Extensions[edit]
<startFeed />
Please check with the extension publisher in case of any questions over the security of their product. Report Vulnerable extensions either in the jforum:432 security topic clearly marked with the first word in the title being Vulnerable Report where the security moderators or JSST team will respond. For a guide to the codes
| Extension | Details | Date Added | Extension Update Link & Date |
|---|---|---|---|
Jvideodirect[edit] |
SQLi | Jan 29 | Not Known |
JEvent[edit] |
SQLi | reported Jan 29 | fixes in version 1.5.3.b |
Item3[edit] |
3a | 3b | 3c |
Item4[edit] |
<endFeed />
This list is change protected, for updates or additions Mandville or lafrance
Codes used[edit]
SQLi - SQL injection wikipedia
LFI - Local File Inclusion scribd
RFI - Remote file inclusion wikipedia
DT - Directory Traversal wikipedia
Developers - How to get yourself removed from the from the VEL[edit]
Resolved items will be removed after a suitable period and not on resolution
Please solve the issues and:
- If JED listed
Attach the new zip file at your actual JED listing.
Change the extension version at JED listing.
Contact the JED by mail with a notice and ask them republish your listing.
- If not JED listed.
Inform us by PM of the link to your resolution notice on your website.
NB We do not fix, we report
Notes[edit]
We try and put the newest item to the top of the list but it is not always possible. List as discussed in jtopic:455746 by PhilD editing by Mandville For instructions on how to receive the feed.