Actions

Archived

Difference between revisions of "Vulnerable Extensions List (Archived)"

From Joomla! Documentation

(24 intermediate revisions by 9 users not shown)
Line 1: Line 1:
{{review}}
+
{{underconstruction}}  
 
+
For a more recent list please see [[Vulnerable_Extensions_List_oct]]
'''ToDo'''
+
# Some links left to cleanup.
+
# Should this format be converted to a wiki template for easier editing?
+
# Should each item be it's own file?
+
# Links to old forum topics are broken. Is there a pattern we can use to map these to the new forum path/topics?
+
 
+
 
+
  
 
<table border="1" cellpadding="3" cellspacing="3">
 
<table border="1" cellpadding="3" cellspacing="3">
Line 19: Line 12:
 
<tr>
 
<tr>
  
<td style="font-family: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; font-size: inherit; line-height: inherit; font-size-adjust: inherit; font-stretch: inherit; color: inherit" valign="top">
+
<td>
<p>
+
<b>  A6MamboCredits</b>
+
</p>
+
 
<p>
 
<p>
com_a6mambocredits
+
<b>A6MamboCredits</b>
 
</p>
 
</p>
 +
<p>com_a6mambocredits</p>
 
</td>
 
</td>
  
 
<td>All </td>
 
<td>All </td>
<td>Abandoned. Remove completely or use at your own risk.</td>
+
<td>Abandoned. Remove completely or use at your own risk.</td>
 
<td>[http://secunia.com/advisories/21540/ Secunia Advisory] <br />
 
<td>[http://secunia.com/advisories/21540/ Secunia Advisory] <br />
[http://forum.joomla.org/index.php/topic,86978.0.html Forum Topic<br />] </td>
+
[http://forum.joomla.org/index.php/topic,86978.0.html Forum Topic]</td>
 
<td> 2006</td>
 
<td> 2006</td>
  
Line 46: Line 37:
 
</td>
 
</td>
 
<td> All </td>
 
<td> All </td>
<td> Abandoned. Remove completely or use at your own risk.
+
<td> Abandoned. Remove completely or use at your own risk.
 
</td>
 
</td>
 
<td>  
 
<td>  
Line 52: Line 43:
 
[http://secunia.com/advisories/21540/ Secunia Advisory] <br />
 
[http://secunia.com/advisories/21540/ Secunia Advisory] <br />
  
[http://secunia.com/advisories/21227/">Secunia Advisory]  
+
[http://secunia.com/advisories/21227/ Secunia Advisory]  
 
</td>
 
</td>
 
<td> 2006</td>
 
<td> 2006</td>
Line 68: Line 59:
 
<td> &lt;= 2.2.0</td>
 
<td> &lt;= 2.2.0</td>
 
<td>  
 
<td>  
Abandoned. Remove completely or use at your own risk.  
+
Abandoned. Remove completely or use at your own risk.  
 
</td>
 
</td>
  
<td> [http://forum.joomla.org/index.php/topic,76621.0.html Forum Topic] </td>
+
<td> [http://forum.joomla.org/index.php/topic,76621.0.html Forum Topic]</td>
 
<td> 2006</td>
 
<td> 2006</td>
 
</tr>
 
</tr>
Line 81: Line 72:
 
<td>Upgrade to latest stable version.
 
<td>Upgrade to latest stable version.
 
</td>
 
</td>
<td> [http://www.adobe.com/support/security/advisories/apsa07-01.html Adobe Advisory]  
+
<td>[http://www.adobe.com/support/security/advisories/apsa07-01.html Adobe Advisory]  
 
</td>
 
</td>
<td> 2006</td>
+
<td>2006</td>
 
</tr>
 
</tr>
  
Line 93: Line 84:
 
</td>
 
</td>
  
<td><b> [http://forum.joomla.org/index.php?topic=185805.msg882326#msg882326">Forum Topic] </b><br />
+
<td>[http://forum.joomla.org/index.php?topic=185805.msg882326#msg882326 Forum Topic]<br />
 
</td>
 
</td>
 
<td>June 30, 2006<br />
 
<td>June 30, 2006<br />
Line 104: Line 95:
 
</td>
 
</td>
 
<td> Upgrade to latest stable version.</td>
 
<td> Upgrade to latest stable version.</td>
<td> [http://www.milw0rm.com/exploits/3736 milwOrm Advisory] <br />
+
<td> [http://www.milw0rm.com/exploits/3736 milwOrm Advisory]<br />
[http://www.frsirt.com/english/advisories/2007/1394 FrSIRT Advisory<br />]  <b> [http://forum.joomla.org/index.php/topic,160876.msg775119.html#msg775119">Forum Topic] </b> [http://www.frsirt.com/english/advisories/2007/1394 <br />
+
[http://www.frsirt.com/english/adisories/2007/1394 FrSIRT Advisory]<br />
</td>
+
[http://forum.joomla.org/index.php/topic,160876.msg775119.html#msg775119 Forum Topic]</td>
 
<td> 26 June 2007<br />
 
<td> 26 June 2007<br />
 
</td>
 
</td>
Line 126: Line 117:
 
</td>
 
</td>
  
<td> [http://forum.joomla.org/index.php/topic,76328.0.html Forum Topic]  
+
<td>[http://forum.joomla.org/index.php/topic,76328.0.html Forum Topic]  
 
</td>
 
</td>
 
<td>2006</td>
 
<td>2006</td>
Line 138: Line 129:
 
</td>
 
</td>
 
<td>
 
<td>
<p>
+
<p>[http://www.milw0rm.com/exploits/3734 milwOrm Advisory] <br />
[http://www.milw0rm.com/exploits/3734 milwOrm Advisory] <br />
+
[http://www.frsirt.com/english/advisories/2007/1392 FrSIRT Advisory]<br />
 
+
[http://forum.joomla.org/index.php/topic,160876.msg775119.html#msg775119 Forum Topic]
[http://www.frsirt.com/english/advisories/2007/1392 FrSIRT Advisory<br />
+
<b></b>] <b> [http://forum.joomla.org/index.php/topic,160876.msg775119.html#msg775119">Forum Topic] </b>
+
 
</p>
 
</p>
 
<p>
 
<p>
Line 166: Line 155:
 
<td> No Fix Available. Disable or remove until a fix is available.
 
<td> No Fix Available. Disable or remove until a fix is available.
 
</td>
 
</td>
<td> [http://forum.joomla.org/index.php/topic,81594.0.html Forum Topic]  
+
<td>[http://forum.joomla.org/index.php/topic,81594.0.html Forum Topic]  
  
 
</td>
 
</td>
 
<td> 2006</td>
 
<td> 2006</td>
 +
</tr>
 +
<tr>
 +
<td>
 +
<p>
 +
<b>Bible Study</b>
 +
</p>
 +
<p>
 +
 +
com_biblestudy
 +
</p>
 +
</td>
 +
<td> &lt;= 6.0.7b and below
 +
</td>
 +
<td> Fix Available. SQL Insertion attack
 +
</td>
 +
<td>http://joomlacode.org/gf/project/biblestudy/
 +
 +
</td>
 +
<td> 2008</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
Line 202: Line 210:
 
<td>Upgrade to latest stable version.<br />
 
<td>Upgrade to latest stable version.<br />
 
</td>
 
</td>
<td> [http://forum.joomla.org/index.php/topic,77899.0.html Forum Topic] <br />
+
<td>[http://forum.joomla.org/index.php/topic,77899.0.html Forum Topic]<br />
 
[http://secunia.com/advisories/22142/ Secunia Advisory] </td>
 
[http://secunia.com/advisories/22142/ Secunia Advisory] </td>
 
<td> 2006</td>
 
<td> 2006</td>
Line 214: Line 222:
 
<td>  No further information at this time.</td>
 
<td>  No further information at this time.</td>
  
<td> <b> [http://forum.joomla.org/index.php/topic,154777.msg748946.html#msg748946">Forum Topic ] </b></td>
+
<td>[http://forum.joomla.org/index.php/topic,154777.msg748946.html#msg748946 Forum Topic] </b></td>
 
<td> 26 June 2007<br />
 
<td> 26 June 2007<br />
 
</td>
 
</td>
Line 232: Line 240:
 
<td>Upgrade to latest stable version.</td>
 
<td>Upgrade to latest stable version.</td>
  
<td> [http://forum.joomla.org/index.php/topic,82457.0.html Forum Topic] </td>
+
<td>[http://forum.joomla.org/index.php/topic,82457.0.html Forum Topic]</td>
 
<td> 2006</td>
 
<td> 2006</td>
 
</tr>
 
</tr>
Line 248: Line 256:
 
<td> &lt;= 1.2</td>
 
<td> &lt;= 1.2</td>
 
<td>Upgrade to latest stable version.</td>
 
<td>Upgrade to latest stable version.</td>
<td> [http://secunia.com/advisories/21288/" target="_blank Secunia Advisory]<br />
+
<td>[http://secunia.com/advisories/21288/ Secunia Advisory]<br />
 
+
 
[http://forum.joomla.org/index.php/topic,81587.0.html Forum Topic]</td>
 
[http://forum.joomla.org/index.php/topic,81587.0.html Forum Topic]</td>
 
<td> 2006</td>
 
<td> 2006</td>
Line 278: Line 285:
 
[http://forum.joomla.org/index.php/topic,86525.msg441456.html#msg441456 Forum Topic]</td>
 
[http://forum.joomla.org/index.php/topic,86525.msg441456.html#msg441456 Forum Topic]</td>
 
<td> 2006</td>
 
<td> 2006</td>
 +
</tr>
 +
<tr>
 +
<td>
 +
<p>
 +
<b>DS-Syndicate</b>
 +
 +
</p>
 +
<p>
 +
com_ds-syndicate
 +
</p>
 +
</td>
 +
<td>All versions?</td>
 +
<td>
 +
<p>SQL injection vulnerability.<br />
 +
Remove completely or use at your own risk.<br />Component has been removed from JED. Abandoned?
 +
</p>
 +
</p>
 +
</td>
 +
<td>
 +
[http://www.frsirt.com/english/advisories/2008/2859 http://www.frsirt.com/english/advisories/2008/2859]
 +
<td>Nov. 27, 2008</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
Line 452: Line 480:
 
<td>
 
<td>
 
<p>
 
<p>
[http://www.milw0rm.com/exploits/3753">MilwOrm Advisory] <br />
+
[http://www.milw0rm.com/exploits/3753 MilwOrm Advisory] <br />
[http://www.frsirt.com/english/advisories/2007/1429">FrSIRT Advisory]   
+
[http://www.frsirt.com/english/advisories/2007/1429 FrSIRT Advisory]   
 
</p>
 
</p>
  
Line 500: Line 528:
 
<td> &lt;= 1.2.1</td>
 
<td> &lt;= 1.2.1</td>
 
<td>Upgrade to latest stable version.</td>
 
<td>Upgrade to latest stable version.</td>
<td> [http://forum.joomla.org/index.php/topic,77899.0.html Forum Topic] </td>
+
<td>[http://forum.joomla.org/index.php/topic,77899.0.html Forum Topic]</td>
  
 
<td> 2006</td>
 
<td> 2006</td>
Line 516: Line 544:
 
<td> &lt;= 2.0-1.0 RC2</td>
 
<td> &lt;= 2.0-1.0 RC2</td>
 
<td> Patch Available.  <br />
 
<td> Patch Available.  <br />
See [http://forum.joomla.org/index.php/topic,81064.msg418374.html#msg418374 this post.] </td>
+
See [http://forum.joomla.org/index.php/topic,81064.msg418374.html#msg418374 this post]. </td>
  
<td> [http://forum.joomla.org/index.php/topic,81064.0.html Forum Topic] </td>
+
<td>[http://forum.joomla.org/index.php/topic,81064.0.html Forum Topic] </td>
 
<td> 2006</td>
 
<td> 2006</td>
 
</tr>
 
</tr>
Line 538: Line 566:
 
<p>
 
<p>
 
Abandoned project. <br />
 
Abandoned project. <br />
Upgrade to [http://joomlacode.org/gf/project/nuwiki/">nuWiki]  
+
Upgrade to [http://joomlacode.org/gf/project/nuwiki/ nuWiki]  
 
</p>
 
</p>
 
</td>
 
</td>
Line 567: Line 595:
 
</td>
 
</td>
 
<td>Upgrade to latest stable version. The developer fixed security issues but didn't create a higher version number.</td>
 
<td>Upgrade to latest stable version. The developer fixed security issues but didn't create a higher version number.</td>
<td> [http://secunia.com/advisories/21545/ Secunia Advisory] </td>
+
<td>[http://secunia.com/advisories/21545/ Secunia Advisory] </td>
  
 
<td> 2006</td>
 
<td> 2006</td>
Line 577: Line 605:
  
 
<td> Upgrade to latest stable version.</td>
 
<td> Upgrade to latest stable version.</td>
<td> <b> [http://forum.joomla.org/index.php/topic,226147.0.html  Forum Topic] </b></td>
+
<td>[http://forum.joomla.org/index.php/topic,226147.0.html  Forum Topic]</td>
 
<td>27 Oct 2007<br />
 
<td>27 Oct 2007<br />
 
</td>
 
</td>
Line 594: Line 622:
  
 
<td> Upgrade to latest stable version.</td>
 
<td> Upgrade to latest stable version.</td>
<td><b> [http://forum.joomla.org/index.php/topic,163589.msg847010.html#msg847010">Forum Topic ] </b></td>
+
<td>[http://forum.joomla.org/index.php/topic,163589.msg847010.html#msg847010 Forum Topic]</td>
 
<td> 26 June 2007<br />
 
<td> 26 June 2007<br />
 
</td>
 
</td>
Line 630: Line 658:
  
 
<td> &lt;= 1.2.4</td>
 
<td> &lt;= 1.2.4</td>
<td>Upgrade to latest stable version. [http://www.thejfactory.com ] </td>
+
<td>Upgrade to latest stable version. [http://www.thejfactory.com] </td>
<td> [http://forum.joomla.org/index.php?topic=180367">Forum Topic]   
+
<td>[http://forum.joomla.org/index.php?topic=180367 Forum Topic]   
 
</td>
 
</td>
 
<td> May 2007</td>
 
<td> May 2007</td>
Line 664: Line 692:
 
</td>
 
</td>
 
<td> &lt;= 4.0j</td>
 
<td> &lt;= 4.0j</td>
<td> Upgrade to version 4.1 then apply Security Patch 1.  [http://mamboxchange.com/frs/?group_id=39&amp;release_id=5995 Download here.] </td>
+
<td> Upgrade to version 4.1 then apply Security Patch 1.  [http://mamboxchange.com/frs/?group_id=39&amp;release_id=5995 Download here].</td>
 
<td>  [http://forum.joomla.org/index.php/topic,76337.0.html Forum Topic] <br />
 
<td>  [http://forum.joomla.org/index.php/topic,76337.0.html Forum Topic] <br />
  
[http://mamboxchange.com/forum/forum.php?forum_id=7638 MamboExchange Advisory<br />] </td>
+
[http://mamboxchange.com/forum/forum.php?forum_id=7638 MamboExchange Advisory]</td>
 
<td> 2006</td>
 
<td> 2006</td>
 
</tr>
 
</tr>
Line 700: Line 728:
 
<td> &lt;= 1.x</td>
 
<td> &lt;= 1.x</td>
  
<td> Upgrade to 1.5 (or to Joom!Fish)  [http://mamboxchange.com/frs/download.php/4518/MambelFish_1.5.zip Download Mambelfish<br />]  [http://extensions.joomla.org/component/option,com_mtree/task,viewlink/link_id,460/Itemid,35/ Download Joom!Fish ] </td>
+
<td> Upgrade to 1.5 (or to Joom!Fish)  [http://mamboxchange.com/frs/download.php/4518/MambelFish_1.5.zip Download Mambelfish<br />]  [http://extensions.joomla.org/component/option,com_mtree/task,viewlink/link_id,460/Itemid,35/ Download Joom!Fish] </td>
 
<td>  [http://secunia.com/advisories/21544/ Secunia Advisory] </td>
 
<td>  [http://secunia.com/advisories/21544/ Secunia Advisory] </td>
 
<td> 2006</td>
 
<td> 2006</td>
Line 741: Line 769:
 
<td>
 
<td>
 
<p>
 
<p>
[http://securityreason.com/exploitalert/846 Security Reason Advisory<br />]  [http://forum.joomla.org/index.php/topic,76898.0.html Forum Topic] <br />
+
[http://securityreason.com/exploitalert/846 Security Reason Advisory]  [http://forum.joomla.org/index.php/topic,76898.0.html Forum Topic] <br />
 
[http://securityreason.com/exploitalert/846 Security Reason]  
 
[http://securityreason.com/exploitalert/846 Security Reason]  
 
</p>
 
</p>
Line 759: Line 787:
 
</td>
 
</td>
 
<td> &lt;= 1.5.8</td>
 
<td> &lt;= 1.5.8</td>
<td>Upgrade to latest stable version. [http://www.mosets.com/download/ ] </td>
+
<td>Upgrade to latest stable version. [http://www.mosets.com/download/] </td>
 
<td>  [http://forum.joomla.org/index.php/topic,78298.0.html Forum Topic] </td>
 
<td>  [http://forum.joomla.org/index.php/topic,78298.0.html Forum Topic] </td>
  
Line 775: Line 803:
 
</td>
 
</td>
 
<td> &lt;= 1.0.8</td>
 
<td> &lt;= 1.0.8</td>
<td> Temporary Fix Available.  See  [http://forum.joomla.org/index.php/topic,78533.0.html this thread] for details.</td>
+
<td> Temporary Fix Available.  See  [http://forum.joomla.org/index.php/topic,78533.0.html this thread] for details.</td>
  
 
<td>  [http://forum.joomla.org/index.php/topic,78533.0.html Forum Topic] </td>
 
<td>  [http://forum.joomla.org/index.php/topic,78533.0.html Forum Topic] </td>
Line 830: Line 858:
 
</td>
 
</td>
 
<td> &lt;= 2.0.0 RC5 Unpatched</td>
 
<td> &lt;= 2.0.0 RC5 Unpatched</td>
<td> [http://projects.j-prosolution.com/project-news/opensef-news/security-patch-for-opensef.html Download patch ] </td>
+
<td> [http://projects.j-prosolution.com/project-news/opensef-news/security-patch-for-opensef.html Download patch] </td>
 
<td valign="top"> [http://forum.joomla.org/index.php/topic,77301.0.html Forum Topic] </td>
 
<td valign="top"> [http://forum.joomla.org/index.php/topic,77301.0.html Forum Topic] </td>
 
<td> 2006</td>
 
<td> 2006</td>
Line 865: Line 893:
 
<td>&lt;= v1_beta </td>
 
<td>&lt;= v1_beta </td>
 
<td>Upgrade to latest stable version. [http://forge.joomla.org/sf/frs/do/viewRelease/projects.performs/frs.com_performs.com_performs_v2_beta ] </td>
 
<td>Upgrade to latest stable version. [http://forge.joomla.org/sf/frs/do/viewRelease/projects.performs/frs.com_performs.com_performs_v2_beta ] </td>
<td>  [http://secunia.com/advisories/21044/ Secunia Advisory<br />
+
<td>  [http://secunia.com/advisories/21044/ Secunia Advisory]<br />  [http://forum.joomla.org/index.php/topic,76654.0.html Forum Topic] <br />
]   [http://forum.joomla.org/index.php/topic,76654.0.html Forum Topic] <br />
+
 
[http://forum.joomla.org/index.php/topic,76862.0.html Forum Topic] <br />
 
[http://forum.joomla.org/index.php/topic,76862.0.html Forum Topic] <br />
 
</td>
 
</td>
Line 878: Line 905:
 
<td> Upgrade to latest version.<br />
 
<td> Upgrade to latest version.<br />
 
</td>
 
</td>
<td>  [http://forum.joomla.org/index.php?topic=174770.new#new">Forum Topic]  
+
<td>  [http://forum.joomla.org/index.php?topic=174770.new#new Forum Topic]  
  
 
<br />
 
<br />
Line 896: Line 923:
 
</td>
 
</td>
 
<td> &lt;= 1.1.5</td>
 
<td> &lt;= 1.1.5</td>
<td>Upgrade to latest stable version. [http://forge.joomla.org/sf/frs/do/viewRelease/projects.peoplebook/frs.component.component_1_1_6_0 ] </td>
+
<td>Upgrade to latest stable version. [http://forge.joomla.org/sf/frs/do/viewRelease/projects.peoplebook/frs.component.component_1_1_6_0] </td>
  
<td> [http://forge.joomla.org/sf/go/artf5410?nav=1 Joomla Forge<br />]  </td>
+
<td>[http://forge.joomla.org/sf/go/artf5410?nav=1 Joomla Forge]  </td>
 
<td> 2006</td>
 
<td> 2006</td>
 
</tr>
 
</tr>
Line 912: Line 939:
 
</td>
 
</td>
 
<td> &lt;= 0.8</td>
 
<td> &lt;= 0.8</td>
<td> Author suggest manually patching. [http://www.princeclan.org/ ] </td>
+
<td> Author suggest manually patching. [http://www.princeclan.org/] </td>
  
<td> See  [http://www.princeclan.org/ this site.] </td>
+
<td> See  [http://www.princeclan.org/ this site]. </td>
 
<td> 2006</td>
 
<td> 2006</td>
 
</tr>
 
</tr>
Line 928: Line 955:
 
</td>
 
</td>
 
<td> &lt;= 1.22.07</td>
 
<td> &lt;= 1.22.07</td>
<td>Upgrade to latest stable version. [http://www.joomlaxt.com/index.php?option=com_remository&amp;Itemid=77&amp;func=fileinfo&amp;id=9 ] </td>
+
<td>Upgrade to latest stable version. [http://www.joomlaxt.com/index.php?option=com_remository&amp;Itemid=77&amp;func=fileinfo&amp;id=9] </td>
  
 
<td> [http://secunia.com/advisories/21068/ Secunia Advisory] <br />
 
<td> [http://secunia.com/advisories/21068/ Secunia Advisory] <br />
Line 948: Line 975:
  
 
<td> &lt;= 1.11.3</td>
 
<td> &lt;= 1.11.3</td>
<td>Upgrade to latest stable version. [http://forge.joomla.org/sf/go/projects.rsgallery2/frs.rsg2_alpha_builds.rsg2_1_11_4 ] </td>
+
<td>Upgrade to latest stable version. [http://forge.joomla.org/sf/go/projects.rsgallery2/frs.rsg2_alpha_builds.rsg2_1_11_4]</td>
 
<td>  [http://forum.joomla.org/index.php/topic,73453.0.html Forum Topic]  
 
<td>  [http://forum.joomla.org/index.php/topic,73453.0.html Forum Topic]  
 
</td>
 
</td>
Line 960: Line 987:
 
<td> Upgrade to latest stable version.</td>
 
<td> Upgrade to latest stable version.</td>
  
<td><b> [http://forum.joomla.org/index.php/topic,154792.msg749006.html#msg749006">Forum Topic] </b></td>
+
<td><b> [http://forum.joomla.org/index.php/topic,154792.msg749006.html#msg749006 Forum Topic] </b></td>
 
<td> 26 June 2007<br />
 
<td> 26 June 2007<br />
 
</td>
 
</td>
Line 1,015: Line 1,042:
  
 
<td> Abandoned.  Remove completely or use at your own risk.<br />
 
<td> Abandoned.  Remove completely or use at your own risk.<br />
[http://www.simplemachines.org/community/index.php?topic=97649.0 ] </td>
+
[http://www.simplemachines.org/community/index.php?topic=97649.0] </td>
 
<td>  
 
<td>  
 
[http://secunia.com/advisories/21055/ Secunia Advisory] <br />
 
[http://secunia.com/advisories/21055/ Secunia Advisory] <br />
Line 1,035: Line 1,062:
 
</td>
 
</td>
 
<td> All</td>
 
<td> All</td>
<td>Upgrade to latest JoomlaBoard.  JoomlaBoard is compatible with SimpleBoard.  [http://developer.joomla.org/sf/frs/do/viewRelease/projects.simpleboard/frs.joomlaboard_1_1.joomlaboard_1_1_2 Download here.] </td>
+
<td>Upgrade to latest JoomlaBoard.  JoomlaBoard is compatible with SimpleBoard.  [http://developer.joomla.org/sf/frs/do/viewRelease/projects.simpleboard/frs.joomlaboard_1_1.joomlaboard_1_1_2 Download here].</td>
 
<td>
 
<td>
  
Line 1,059: Line 1,086:
 
<td>
 
<td>
 
<p>
 
<p>
Versions other than 1.1RC2.  Fix Available.  [http://www.simplemachines.org/community/index.php?topic=100140.0 <br />
+
Versions other than 1.1RC2.  Fix Available.  [http://www.simplemachines.org/community/index.php?topic=100140.0 See this thread].
See this thread.]  
+
 
</p>
 
</p>
  
Line 1,117: Line 1,143:
 
</td>
 
</td>
 
<td> &lt;= 1.1.1 (?)</td>
 
<td> &lt;= 1.1.1 (?)</td>
<td>Upgrade to latest stable version. [http://www.ravenswoodit.co.uk/index.php?option=com_docman&amp;task=cat_view&amp;gid=78&amp;Itemid=13 ] </td>
+
<td>Upgrade to latest stable version. [http://www.ravenswoodit.co.uk/index.php?option=com_docman&amp;task=cat_view&amp;gid=78&amp;Itemid=13] </td>
 
<td>  [http://forum.joomla.org/index.php/topic,81308.msg416865.html#msg416865 Forum Topic]<br />
 
<td>  [http://forum.joomla.org/index.php/topic,81308.msg416865.html#msg416865 Forum Topic]<br />
 
   [http://secunia.com/advisories/21305/ Secunia Advisory] <br />
 
   [http://secunia.com/advisories/21305/ Secunia Advisory] <br />
Line 1,127: Line 1,153:
 
<td><b>VirtueMart</b></td>
 
<td><b>VirtueMart</b></td>
  
<td> &lt;= 1.0.11</td>
+
<td> &lt;= 1.0.13a</td>
<td>Upgrade to version 1.1.11 and apply patch. Available  [http://virtuemart.net/index.php?option=com_docman&amp;task=cat_view&amp;gid=101&amp;Itemid=66 here.] </td>
+
<td>Upgrade to version >= 1.0.14. Available  [http://virtuemart.net/index.php?option=com_content&task=view&id=54&Itemid=147 here]. </td>
<td> [http://forum.joomla.org/index.php/topic,183215.0.html  Forum Topic] </td>
+
<td> [http://virtuemart.net/index.php?option=com_content&task=view&id=275&Itemid=127 Security Bulletin] </td>
<td>June 2007</td>
+
<td>January 2008</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
Line 1,138: Line 1,164:
 
<td> 2.1.1</td>
 
<td> 2.1.1</td>
 
<td> Upgrade to latest stable version.</td>
 
<td> Upgrade to latest stable version.</td>
<td> <b> [http://forum.joomla.org/index.php/topic,146478.msg737784.html#msg737784">Forum Topic ] </b></td>
+
<td>[http://forum.joomla.org/index.php/topic,146478.msg737784.html#msg737784 Forum Topic]</td>
  
 
<td> 26 June 2007<br />
 
<td> 26 June 2007<br />
Line 1,147: Line 1,173:
 
<td>&lt;= 2.5.1 RC4</td>
 
<td>&lt;= 2.5.1 RC4</td>
  
<td> [http://www.zoomfactory.org/index.php?option=com_remository&amp;Itemid=61&amp;func=select&amp;id=1 Upgrade to latest stable version.] </td>
+
<td> [http://www.zoomfactory.org/index.php?option=com_remository&amp;Itemid=61&amp;func=select&amp;id=1 Upgrade to latest stable version].</td>
 
<td> [http://www.frsirt.com/english/advisories/2007/1353 FrSIRT Advisory] <br />
 
<td> [http://www.frsirt.com/english/advisories/2007/1353 FrSIRT Advisory] <br />
 
[http://forum.joomla.org/index.php/topic,160119.0.html Forum Topic] </td>
 
[http://forum.joomla.org/index.php/topic,160119.0.html Forum Topic] </td>
 
<td> 2006</td>
 
<td> 2006</td>
 
</tr>
 
</tr>
 +
                <tr>
 +
                        <td> <b>BF Survey Pro<br />BF Survey Basic<br />BF Quiz</b></td>
 +
                        <td>&lt;=1.2.5<br />&lt;=1.0<br />&lt;=1.1.1</td>
 +
                        <td>[http://www.tamlyncreative.com.au/software/index.php/downloads.html Upgrade to latest versions]</td>
 +
                        <td>[http://forum.joomla.org/viewtopic.php?f=431&t=336055&start=0 Forum Post]<br />[http://www.tamlyncreative.com.au/software/forum/index.php?topic=357.0 Developer's Forum Post]</td>
 +
                        <td>September, 2009</td>
 +
                </tr>
 +
                <tr>
 +
                        <td> <b>Photoblog (com_photoblog)</td>
 +
                        <td>Unknown</td>
 +
                        <td>Unknown</td>
 +
                        <td>[http://www.securityfocus.com/bid/36809/info Security Focus Advisory]</td>
 +
                        <td>October 26, 2009</td>
 +
                </tr>
 +
 
</table>
 
</table>
  
 
[[Category:Security]]
 
[[Category:Security]]

Revision as of 13:41, 8 October 2011

Replacement filing cabinet.png
This page has been archived - Please Do Not Edit or Create Pages placed in this namespace. The pages in the Archived namespace exist only as a historical reference, it will not be improved and its content may be incomplete.
Documentation all together tranparent small.png
Under Construction

This article or section is in the process of an expansion or major restructuring. You are welcome to assist in its construction by editing it as well. If this article or section has not been edited in several days, please remove this template.
This article was last edited by Mandville (talk| contribs) 2 years ago. (Purge)

For a more recent list please see Vulnerable_Extensions_List_oct

Name Versions Solution References Updated

A6MamboCredits

com_a6mambocredits

All Abandoned. Remove completely or use at your own risk. Secunia Advisory
Forum Topic
2006

A6MamboHelpDesk

com_a6mambohelpdesk

All Abandoned. Remove completely or use at your own risk.

Forum Topic
Secunia Advisory

Secunia Advisory

2006

Advanced Poll

com_advancedpoll (?)

<= 2.2.0

Abandoned. Remove completely or use at your own risk.

Forum Topic 2006
Adobe Acrobat Reader
(Not a Joomla! extension, but worth noting.)
<= 7.0.8 Upgrade to latest stable version. Adobe Advisory 2006
Akocomment All SQL Injection with PHP magic_quotes OFF. No upgrade path yet.

Fix: Turn PHP magic_quotes ON

Forum Topic
June 30, 2006
Article <= 1.1
Upgrade to latest stable version. milwOrm Advisory

FrSIRT Advisory

Forum Topic
26 June 2007

ArtLinks

com_artlinks

All Abandoned. Remove completely or use at your own risk. Forum Topic 2006
AutoStand <= 1.1
No further information at this time.

milwOrm Advisory
FrSIRT Advisory
Forum Topic

 

26 June 2007

Bayesian Naive Filter

com_bayesiannaivefilter

<= 1.1 No Fix Available. Disable or remove until a fix is available. Forum Topic 2006

Bible Study

com_biblestudy

<= 6.0.7b and below Fix Available. SQL Insertion attack http://joomlacode.org/gf/project/biblestudy/ 2008

BigApe Backup

com_babackup

All A patch is available from the developer. See this post. Secunia Advisory
Forum Topic
2006

BSQ Site Stats

com_bsqsitestats

<= 2.2.1 Upgrade to latest stable version.
Forum Topic
Secunia Advisory
2006
Car Manager
<= 1.1
No further information at this time. Forum Topic 26 June 2007

Classifieds

com_classifieds

<= 1.3 Upgrade to latest stable version. Forum Topic 2006

Colophon

com_colophon

<= 1.2 Upgrade to latest stable version. Secunia Advisory
Forum Topic
2006

Community Builder

com_profiler

<= 1.0.0

Upgrade to latest stable version.

See here for a fix for register_globals = off

Jomopolis Topic

Forum Topic

Forum Topic
2006

DS-Syndicate

com_ds-syndicate

All versions?

SQL injection vulnerability.
Remove completely or use at your own risk.
Component has been removed from JED. Abandoned?

http://www.frsirt.com/english/advisories/2008/2859

Nov. 27, 2008

Events

com_events

<= 1.3 Beta Upgrade to latest stable version. Forum Topic 2006
Expose Flash Gallery RC4 Download patch
Forum Topic 20 July 2007

ExtCalendar

com_extcalendar

<= 0.9.1 Upgrade to version 0.9.2. Seethis post for details. Also check the new forked project, JCal. Secunia Advisory

Forum Topic
Forum Topic

Forum Topic
2006

Facile Forms

com_facileforms

<= 1.4.6 Upgrade to latest stable version. Forum Topic 2006

Galleria

com_galleria

All Abandoned. Remove completely or use at your own risk. NVD Advisory
Forum Topic
2006

Gmaps

com_gmaps

<=1.01 Upgrade to the latest version, which can be downloaded here
Security Focus Advisory
6 August 2007

Hash Cash

com_hashcash

All Abandoned. Remove completely or use at your own risk. Secunia Advisory
2006

Hot Property

com_hotproperties (?)

<= 0.97 Upgrade to latest stable version. No references available at this time. 2006

JCE

com_jce

<= 1.0.4 Apply patch, download it here, or use latest stable version.

Secunia Advisory
Cellardoor
Secunia Advisory

2006

JoomlaPack

com_jpack

1.0.4a2 RE Upgrade to latest stable version.

MilwOrm Advisory
FrSIRT Advisory

2006

JoomlaBoard

com_joomlaboard

<= 1.1.1

Upgrade to latest stable version.

RG_EMULATION Fix

Secunia Advisory

Forum Topic

Forum Topic

2006

JoomlaLib

com_joomlalib

<= 1.2.1 Upgrade to latest stable version. Forum Topic 2006

JD-WordPress

com_jd-wp

<= 2.0-1.0 RC2 Patch Available.
See this post.
Forum Topic 2006

JD-Wiki

com_jd-wiki

All

Abandoned project.
Upgrade to nuWiki

Forum Topic

Forum Topic

6 July 2007

JIM 1.0.1. (PMS)

com_jim

1.0.1
Upgrade to latest stable version. The developer fixed security issues but didn't create a higher version number. Secunia Advisory 2006
joomSEF (ARTIO) <=2.2.1 Upgrade to latest stable version. Forum Topic 27 Oct 2007

jPack

com_jpack

< 1.0.4-b1 Upgrade to latest stable version. Forum Topic 26 June 2007

Link Directory

com_linkdirectory

All
Remove. Abandoned project.
No references. 2006

Letterman

mod_letterman

<= 1.2.4 Upgrade to latest stable version. [1] Forum Topic May 2007

LMO

com_lmo

<= 1.0b2 Upgrade to latest stable version. [2] FrSIRT Advisory
Forum Topic
2006

LoudMouth

com_loudmouth

<= 4.0j Upgrade to version 4.1 then apply Security Patch 1. Download here. Forum Topic
MamboExchange Advisory
2006

MamCom (?)

com_trade

All
Abandoned. Remove completely or use at your own risk.
*Unconfirmed* 2006

MambelFish 1.x

com_mambelfish

<= 1.x Upgrade to 1.5 (or to Joom!Fish) Download Mambelfish
Download Joom!Fish
Secunia Advisory 2006

Mambo Gallery Manager

com_mgm

All Abandoned. Remove completely or use at your own risk. Forum Topic
FrSIRT Advisory
2006

MiniBB

com_minibb

<= 1.5a Abandoned. Remove completely or use at your own risk.

Security Reason Advisory Forum Topic
Security Reason

2006

Mos Tree

com_mtree

<= 1.5.8 Upgrade to latest stable version. [3] Forum Topic 2006

MosMedia

com_mosmedia

<= 1.0.8 Temporary Fix Available. See this thread for details. Forum Topic 2006

MoSpray

com_mospray

<= 1.8 RC1 Abandoned. Remove completely or use at your own risk. Forum Topic 2006

Multibanners

com_multibanners

* Note: Not the same as the Multibanners Module.

All
Abandoned. Remove completely or use at your own risk. Secunia Advisory

Forum Topic

2006

OpenSEF

com_sef

<= 2.0.0 RC5 Unpatched Download patch Forum Topic 2006

PC Cook Book

com_pccookbook

<= 1.3.1 No Fix Available. Disable or remove. FrSIRT Advisory

Forum Topic

2006

Per Forms

com_performs

<= v1_beta Upgrade to latest stable version. [4] Secunia Advisory
Forum Topic

Forum Topic

2006
Phil-A-Form < 1.2
Upgrade to latest version.
Forum Topic



May 2007

People Book

com_peoplebook

<= 1.1.5 Upgrade to latest stable version. [5] Joomla Forge 2006

Prince Clan Chess

com_pcchess

<= 0.8 Author suggest manually patching. [6] See this site. 2006

PollXT

com_pollxt

<= 1.22.07 Upgrade to latest stable version. [7] Secunia Advisory

Forum Topic
Secunia Advisory

2006

RS Gallery2

com_rsgallery2

<= 1.11.3 Upgrade to latest stable version. [8] Forum Topic 06
RWCards < 2.4.4
Upgrade to latest stable version. Forum Topic 26 June 2007
Security Images

com_securityimages

<= 3.0.5 Upgrade to latest stable version. Secunia Advisory

Forum Topic

June 2007
SEF404x

com_sef

All No Fix Available. Remove completely or use at your own risk. No references.
2006
sh404SEF 1.2.4 t, u, or w Patch or update.
Forum Topic 23 Oct, 2007

Site Map

com_sitemap


All
Abandoned. Remove completely or use at your own risk.
[9]

Secunia Advisory
Forum Topic
Secunia Advisory

2006

SimpleBoard

com_simpleboard

All Upgrade to latest JoomlaBoard. JoomlaBoard is compatible with SimpleBoard. Download here.

Secunia Advisory
Secunia Advisory
Forum Topic
Secunia Advisory

2006

SMF Bridge

com_smf

<= 1.1.4

Versions other than 1.1RC2. Fix Available. See this thread.

 

Version 1.1RC2 only. Upgrade available.
See this thread.

Secunia Advisory

Simple Machines Advisory
Forum Topic
Forum Topic
Forum Topic
Forum Topic

Secunia Advisory

2006

TaskHopper

com_thopper

<= 1.1
Upgrade to latest version.

Forum Topic

2006

User Home Pages 1 and 2

com_uhp and com_uhp2

<= 1.1.1 (?) Upgrade to latest stable version. [10] Forum Topic
  Secunia Advisory 

Forum Topic

June 2007
VirtueMart <= 1.0.13a Upgrade to version >= 1.0.14. Available here. Security Bulletin January 2008
WordPress
(Not a Joomla! extension, but worth noting.)
2.1.1 Upgrade to latest stable version. Forum Topic 26 June 2007
zOOm Media Gallery <= 2.5.1 RC4 Upgrade to latest stable version. FrSIRT Advisory
Forum Topic
2006
BF Survey Pro
BF Survey Basic
BF Quiz
<=1.2.5
<=1.0
<=1.1.1
Upgrade to latest versions Forum Post
Developer's Forum Post
September, 2009
Photoblog (com_photoblog) Unknown Unknown Security Focus Advisory October 26, 2009