Actions

Archived

Vulnerable Extensions List (Archived)

From Joomla! Documentation

Revision as of 01:35, 1 April 2008 by Rliskey (Talk | contribs)

Replacement filing cabinet.png
This page has been archived - Please Do Not Edit or Create Pages placed in this namespace. The pages in the Archived namespace exist only as a historical reference, it will not be improved and its content may be incomplete.
Name Versions Solution References Updated

A6MamboCredits

com_a6mambocredits

All Abandoned. Remove completely or use at your own risk. <a href="http://secunia.com/advisories/21540/" target="_blank">Secunia Advisory</a>

<a href="http://forum.joomla.org/index.php/topic,86978.0.html" target="_blank">Forum Topic

</a>
2006

A6MamboHelpDesk

com_a6mambohelpdesk

All Abandoned. Remove completely or use at your own risk.

<a href="http://forum.joomla.org/index.php/topic,80890.0.html" target="_blank">Forum Topic</a>
<a href="http://secunia.com/advisories/21540/" target="_blank">Secunia Advisory</a>

<a href="http://secunia.com/advisories/21227/">Secunia Advisory</a>

2006

Advanced Poll

com_advancedpoll (?)

<= 2.2.0

Abandoned. Remove completely or use at your own risk.

<a href="http://forum.joomla.org/index.php/topic,76621.0.html" target="_blank">Forum Topic</a> 2006
Adobe Acrobat Reader
(Not a Joomla! extension, but worth noting.)
<= 7.0.8 Upgrade to latest stable version. <a href="http://www.adobe.com/support/security/advisories/apsa07-01.html" target="_blank">Adobe Advisory</a> 2006
Akocomment All SQL Injection with PHP magic_quotes OFF. No upgrade path yet.

Fix: Turn PHP magic_quotes ON

<a href="http://forum.joomla.org/index.php?topic=185805.msg882326#msg882326">Forum Topic</a>
June 30, 2006
Article <= 1.1
Upgrade to latest stable version. <a href="http://www.milw0rm.com/exploits/3736" target="_blank">milwOrm Advisory</a>

<a href="http://www.frsirt.com/english/advisories/2007/1394" target="_blank">FrSIRT Advisory
</a><a href="http://forum.joomla.org/index.php/topic,160876.msg775119.html#msg775119">Forum Topic</a><a href="http://www.frsirt.com/english/advisories/2007/1394" target="_blank">

</a>
26 June 2007

ArtLinks

com_artlinks

All Abandoned. Remove completely or use at your own risk. <a href="http://forum.joomla.org/index.php/topic,76328.0.html" target="_blank">Forum Topic</a> 2006
AutoStand <= 1.1
No further information at this time.

<a href="http://www.milw0rm.com/exploits/3734" target="_blank">milwOrm Advisory</a>
<a href="http://www.frsirt.com/english/advisories/2007/1392" target="_blank">FrSIRT Advisory
</a><a href="http://forum.joomla.org/index.php/topic,160876.msg775119.html#msg775119">Forum Topic</a>

 

26 June 2007

Bayesian Naive Filter

com_bayesiannaivefilter

<= 1.1 No Fix Available. Disable or remove until a fix is available. <a href="http://forum.joomla.org/index.php/topic,81594.0.html" target="_blank">Forum Topic</a> 2006

BigApe Backup

com_babackup

All A patch is available from the developer. <a href="http://forum.joomla.org/index.php/topic,87736.msg465256.html#msg465256" target="_blank">See this post.</a> <a href="http://secunia.com/advisories/21574/" target="_blank">Secunia Advisory</a>
<a href="http://forum.joomla.org/index.php/topic,87736.0.html" target="_blank">Forum Topic</a>
2006

BSQ Site Stats

com_bsqsitestats

<= 2.2.1 Upgrade to latest stable version.
<a href="http://forum.joomla.org/index.php/topic,77899.0.html" target="_blank">Forum Topic</a>
<a href="http://secunia.com/advisories/22142/" target="_blank">Secunia Advisory</a>
2006
Car Manager
<= 1.1
No further information at this time. <a href="http://forum.joomla.org/index.php/topic,154777.msg748946.html#msg748946">Forum Topic </a> 26 June 2007

Classifieds

com_classifieds

<= 1.3 Upgrade to latest stable version. <a href="http://forum.joomla.org/index.php/topic,82457.0.html" target="_blank">Forum Topic</a> 2006

Colophon

com_colophon

<= 1.2 Upgrade to latest stable version. " target="_blank Secunia Advisory
Forum Topic
2006

Community Builder

com_profiler

<= 1.0.0

Upgrade to latest stable version.

See here for a fix for register_globals = off

Jomopolis Topic

Forum Topic

Forum Topic
2006

Events

com_events

<= 1.3 Beta Upgrade to latest stable version. Forum Topic 2006
Expose Flash Gallery RC4 Download patch
Forum Topic 20 July 2007

ExtCalendar

com_extcalendar

<= 0.9.1 Upgrade to version 0.9.2. Seethis post for details. Also check the new forked project, JCal. Secunia Advisory

Forum Topic
Forum Topic

Forum Topic
2006

Facile Forms

com_facileforms

<= 1.4.6 Upgrade to latest stable version. Forum Topic 2006

Galleria

com_galleria

All Abandoned. Remove completely or use at your own risk. NVD Advisory
Forum Topic
2006

Gmaps

com_gmaps

<=1.01 Upgrade to the latest version, which can be downloaded here
Security Focus Advisory
6 August 2007

Hash Cash

com_hashcash

All Abandoned. Remove completely or use at your own risk. Secunia Advisory
2006

Hot Property

com_hotproperties (?)

<= 0.97 Upgrade to latest stable version. No references available at this time. 2006

JCE

com_jce

<= 1.0.4 Apply patch, download it here, or use latest stable version.

Secunia Advisory
Cellardoor
Secunia Advisory

2006

JoomlaPack

com_jpack

1.0.4a2 RE Upgrade to latest stable version.

<a href="http://www.milw0rm.com/exploits/3753">MilwOrm Advisory</a>
<a href="http://www.frsirt.com/english/advisories/2007/1429">FrSIRT Advisory</a>

2006

JoomlaBoard

com_joomlaboard

<= 1.1.1

Upgrade to latest stable version.

<a href="http://forum.joomla.org/index.php/topic,86525.msg441456.html#msg441456" target="_blank">RG_EMULATION Fix</a>

<a href="http://secunia.com/advisories/21059/" target="_blank">Secunia Advisory</a>

<a href="http://forum.joomla.org/index.php/topic,76852.0.html" target="_blank">Forum Topic</a>

<a href="http://forum.joomla.org/index.php/topic,86525.msg441513.html#msg441513" target="_blank">Forum Topic</a>

2006

JoomlaLib

com_joomlalib

<= 1.2.1 Upgrade to latest stable version. <a href="http://forum.joomla.org/index.php/topic,77899.0.html" target="_blank">Forum Topic</a> 2006

JD-WordPress

com_jd-wp

<= 2.0-1.0 RC2 Patch Available.
See <a href="http://forum.joomla.org/index.php/topic,81064.msg418374.html#msg418374" target="_blank">this post.</a>
<a href="http://forum.joomla.org/index.php/topic,81064.0.html" target="_blank">Forum Topic</a> 2006

JD-Wiki

com_jd-wiki

All

Abandoned project.
Upgrade to <a href="http://joomlacode.org/gf/project/nuwiki/">nuWiki</a>

<a href="http://forum.joomla.org/index.php/topic,80188.msg427986.html#msg427986" target="_blank">Forum Topic</a>

<a href="http://forum.joomla.org/index.php?topic=177926.0" target="_blank">Forum Topic</a>

6 July 2007

JIM 1.0.1. (PMS)

com_jim

1.0.1
Upgrade to latest stable version. The developer fixed security issues but didn't create a higher version number. <a href="http://secunia.com/advisories/21545/" target="_blank">Secunia Advisory</a> 2006
joomSEF (ARTIO) <=2.2.1 Upgrade to latest stable version. <a href="http://forum.joomla.org/index.php/topic,226147.0.html">Forum Topic</a> 27 Oct 2007

jPack

com_jpack

< 1.0.4-b1 Upgrade to latest stable version. <a href="http://forum.joomla.org/index.php/topic,163589.msg847010.html#msg847010">Forum Topic </a> 26 June 2007

Link Directory

com_linkdirectory

All
Remove. Abandoned project.
No references. 2006

Letterman

mod_letterman

<= 1.2.4 Upgrade to latest stable version.<a href="http://www.thejfactory.com" target="_blank"> </a> <a href="http://forum.joomla.org/index.php?topic=180367">Forum Topic</a> May 2007

LMO

com_lmo

<= 1.0b2 Upgrade to latest stable version.<a href="http://forge.joomla.org/sf/frs/do/viewRelease/projects.lmo/frs.com_lmo.com_lmo_1_0_b3" target="_blank"> </a> <a href="http://www.frsirt.com/english/advisories/2006/3063" target="_blank">FrSIRT Advisory</a>
<a href="http://forum.joomla.org/index.php/topic,81590.0.html" target="_blank">Forum Topic</a>
2006

LoudMouth

com_loudmouth

<= 4.0j Upgrade to version 4.1 then apply Security Patch 1. <a href="http://mamboxchange.com/frs/?group_id=39&release_id=5995" target="_blank">Download here.</a> <a href="http://forum.joomla.org/index.php/topic,76337.0.html" target="_blank">Forum Topic</a>

<a href="http://mamboxchange.com/forum/forum.php?forum_id=7638" target="_blank">MamboExchange Advisory

</a>
2006

MamCom (?)

com_trade

All
Abandoned. Remove completely or use at your own risk.
*Unconfirmed* 2006

MambelFish 1.x

com_mambelfish

<= 1.x Upgrade to 1.5 (or to Joom!Fish) <a href="http://mamboxchange.com/frs/download.php/4518/MambelFish_1.5.zip" target="_blank">Download Mambelfish
</a><a href="http://extensions.joomla.org/component/option,com_mtree/task,viewlink/link_id,460/Itemid,35/" target="_blank">Download Joom!Fish </a>
<a href="http://secunia.com/advisories/21544/" target="_blank">Secunia Advisory</a> 2006

Mambo Gallery Manager

com_mgm

All Abandoned. Remove completely or use at your own risk. <a href="http://forum.joomla.org/index.php/topic,81616.0.html" target="_blank">Forum Topic</a>
<a href="http://www.frsirt.com/english/advisories/2006/3054" target="_blank">FrSIRT Advisory</a>
2006

MiniBB

com_minibb

<= 1.5a Abandoned. Remove completely or use at your own risk.

<a href="http://securityreason.com/exploitalert/846" target="_blank">Security Reason Advisory
</a><a href="http://forum.joomla.org/index.php/topic,76898.0.html" target="_blank">Forum Topic</a>
<a href="http://securityreason.com/exploitalert/846" target="_blank">Security Reason</a>

2006

Mos Tree

com_mtree

<= 1.5.8 Upgrade to latest stable version.<a href="http://www.mosets.com/download/" target="_blank"> </a> <a href="http://forum.joomla.org/index.php/topic,78298.0.html" target="_blank">Forum Topic</a> 2006

MosMedia

com_mosmedia

<= 1.0.8 Temporary Fix Available. See <a href="http://forum.joomla.org/index.php/topic,78533.0.html" target="_blank">this thread</a> for details. <a href="http://forum.joomla.org/index.php/topic,78533.0.html" target="_blank">Forum Topic</a> 2006

MoSpray

com_mospray

<= 1.8 RC1 Abandoned. Remove completely or use at your own risk. <a href="http://forum.joomla.org/index.php/topic,76331.0.html" target="_blank">Forum Topic</a> 2006

Multibanners

com_multibanners

* Note: Not the same as the Multibanners Module.

All
Abandoned. Remove completely or use at your own risk. <a href="http://secunia.com/advisories/21168/" target="_blank">Secunia Advisory</a>

<a href="http://forum.joomla.org/index.php/topic,77977.0.html" target="_blank">Forum Topic</a>

2006

OpenSEF

com_sef

<= 2.0.0 RC5 Unpatched <a href="http://projects.j-prosolution.com/project-news/opensef-news/security-patch-for-opensef.html" target="_blank">Download patch </a> <a href="http://forum.joomla.org/index.php/topic,77301.0.html" target="_blank">Forum Topic</a> 2006

PC Cook Book

com_pccookbook

<= 1.3.1 No Fix Available. Disable or remove. <a href="http://www.frsirt.com/english/advisories/2006/2739" target="_blank">FrSIRT Advisory</a>

<a href="http://forum.joomla.org/index.php/topic,76009.0.html" target="_blank">Forum Topic</a>

2006

Per Forms

com_performs

<= v1_beta Upgrade to latest stable version.<a href="http://forge.joomla.org/sf/frs/do/viewRelease/projects.performs/frs.com_performs.com_performs_v2_beta" target="_blank"></a> <a href="http://secunia.com/advisories/21044/" target="_blank">Secunia Advisory

</a><a href="http://forum.joomla.org/index.php/topic,76654.0.html" target="_blank">Forum Topic</a>
<a href="http://forum.joomla.org/index.php/topic,76862.0.html" target="_blank">Forum Topic</a>

2006
Phil-A-Form < 1.2
Upgrade to latest version.
<a href="http://forum.joomla.org/index.php?topic=174770.new#new">Forum Topic</a>



May 2007

People Book

com_peoplebook

<= 1.1.5 Upgrade to latest stable version.<a href="http://forge.joomla.org/sf/frs/do/viewRelease/projects.peoplebook/frs.component.component_1_1_6_0" target="_blank"> </a> <a href="http://forge.joomla.org/sf/go/artf5410?nav=1" target="_blank">Joomla Forge
</a>
2006

Prince Clan Chess

com_pcchess

<= 0.8 Author suggest manually patching. <a href="http://www.princeclan.org/" target="_blank"></a> See <a href="http://www.princeclan.org/" target="_blank">this site.</a> 2006

PollXT

com_pollxt

<= 1.22.07 Upgrade to latest stable version.<a href="http://www.joomlaxt.com/index.php?option=com_remository&Itemid=77&func=fileinfo&id=9" target="_blank"></a> <a href="http://secunia.com/advisories/21068/" target="_blank">Secunia Advisory</a>

<a href="http://forum.joomla.org/index.php/topic,77975.0.html" target="_blank">Forum Topic</a>
<a href="http://secunia.com/advisories/21068/" target="_blank">Secunia Advisory</a>

2006

RS Gallery2

com_rsgallery2

<= 1.11.3 Upgrade to latest stable version.<a href="http://forge.joomla.org/sf/go/projects.rsgallery2/frs.rsg2_alpha_builds.rsg2_1_11_4" target="_blank"></a> <a href="http://forum.joomla.org/index.php/topic,73453.0.html" target="_blank">Forum Topic</a> 06
RWCards < 2.4.4
Upgrade to latest stable version. <a href="http://forum.joomla.org/index.php/topic,154792.msg749006.html#msg749006">Forum Topic</a> 26 June 2007
Security Images

com_securityimages

<= 3.0.5 Upgrade to latest stable version. <a href="http://secunia.com/advisories/21260/" target="_blank">Secunia Advisory</a>

<a href="http://forum.joomla.org/index.php/topic,81589.0.html" target="_blank">Forum Topic</a>

June 2007
SEF404x

com_sef

All No Fix Available. Remove completely or use at your own risk. No references.
2006
sh404SEF 1.2.4 t, u, or w Patch or update.
<a href="http://forum.joomla.org/index.php/topic,226147.0.html">Forum Topic</a> 23 Oct, 2007

Site Map

com_sitemap


All
Abandoned. Remove completely or use at your own risk.
<a href="http://www.simplemachines.org/community/index.php?topic=97649.0" target="_blank"></a>

<a href="http://secunia.com/advisories/21055/" target="_blank">Secunia Advisory</a>
<a href="http://forum.joomla.org/index.php/topic,76326.0.html" target="_blank">Forum Topic</a>
<a href="http://secunia.com/advisories/21055/" target="_blank">Secunia Advisory</a>

2006

SimpleBoard

com_simpleboard

All Upgrade to latest JoomlaBoard. JoomlaBoard is compatible with SimpleBoard. <a href="http://developer.joomla.org/sf/frs/do/viewRelease/projects.simpleboard/frs.joomlaboard_1_1.joomlaboard_1_1_2" target="_blank">Download here.</a>

<a href="http://secunia.com/advisories/20981/" target="_blank">Secunia Advisory</a>
<a href="http://secunia.com/advisories/20409/" target="_blank">Secunia Advisory</a>
<a href="http://forum.joomla.org/index.php/topic,75668.0.html" target="_blank">Forum Topic</a>
<a href="http://secunia.com/advisories/20981/" target="_blank">Secunia Advisory</a>

2006

SMF Bridge

com_smf

<= 1.1.4

Versions other than 1.1RC2. Fix Available. <a href="http://www.simplemachines.org/community/index.php?topic=100140.0" target="_blank">
See this thread.</a>

 

Version 1.1RC2 only. Upgrade available.
<a href="http://www.simplemachines.org/community/index.php?topic=97649.0" target="_blank">See this thread.</a>

<a href="http://secunia.com/advisories/21079/" target="_blank">Secunia Advisory</a>

<a href="http://www.simplemachines.org/community/index.php?topic=100140.0" target="_blank">Simple Machines Advisory</a>
<a href="http://forum.joomla.org/index.php/topic,78313.0.html" target="_blank">Forum Topic</a>
<a href="http://forum.joomla.org/index.php/topic,77716.0.html" target="_blank">Forum Topic</a>
<a href="http://forum.joomla.org/index.php/topic,78359.0.html" target="_blank">Forum Topic</a>
<a href="http://forum.joomla.org/index.php/topic,76609.0.html" target="_blank">Forum Topic</a>

<a href="http://secunia.com/advisories/21079/" target="_blank">Secunia Advisory</a>

2006

TaskHopper

com_thopper

<= 1.1
Upgrade to latest version.

<a href="http://forum.joomla.org/index.php/topic,159111.0.html" target="_blank">Forum Topic</a>

2006

User Home Pages 1 and 2

com_uhp and com_uhp2

<= 1.1.1 (?) Upgrade to latest stable version.<a href="http://www.ravenswoodit.co.uk/index.php?option=com_docman&task=cat_view&gid=78&Itemid=13" target="_blank"></a> <a href="http://forum.joomla.org/index.php/topic,81308.msg416865.html#msg416865" target="_blank">Forum Topic

</a><a href="http://secunia.com/advisories/21305/" target="_blank">Secunia Advisory</a>
<a href="http://forum.joomla.org/index.php/topic,81308.msg416865.html#msg416865" target="_blank">Forum Topic</a>

June 2007
VirtueMart <= 1.0.11 Upgrade to version 1.1.11 and apply patch. Available <a href="http://virtuemart.net/index.php?option=com_docman&task=cat_view&gid=101&Itemid=66" target="_blank">here.</a> <a href="http://forum.joomla.org/index.php/topic,183215.0.html">Forum Topic</a> June 2007
WordPress
(Not a Joomla! extension, but worth noting.)
2.1.1 Upgrade to latest stable version. <a href="http://forum.joomla.org/index.php/topic,146478.msg737784.html#msg737784">Forum Topic </a> 26 June 2007
zOOm Media Gallery <= 2.5.1 RC4 <a href="http://www.zoomfactory.org/index.php?option=com_remository&Itemid=61&func=select&id=1">Upgrade to latest stable version. </a> <a href="http://www.frsirt.com/english/advisories/2007/1353" target="_blank">FrSIRT Advisory</a>
<a href="http://forum.joomla.org/index.php/topic,160119.0.html">Forum Topic</a>
2006