Actions

Archived

Difference between revisions of "Vulnerable Extensions List 0210"

From Joomla! Documentation

(Item1)
(15 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{| cellspacing="0" cellpadding="0" style="margin:0em 0em 1em 0em; width:100%"
+
{{inuse}}  
| colspan="1" style="width:100%; vertical-align:top; text-align: center; border:1px solid red; background-color:#FFF8DC;" |
+
<div style="border-bottom:1px solid #red; background-color:#F5DEB3; padding:0.2em 0.5em 0.2em 0.5em; font-size:130%; font-weight:bold;">Note</div>
+
<div style="text-align: center; padding:1em 5em 1em 1em;"> <!--Note: Top, right, bottom, left -->
+
Please note that the {{{1|content}}} on this page is currently incomplete.  Please treat it as a work in progress.
+
</div>
+
|}
+
{{underconstruction|notready=message text|placedby=mandville}}
+
  
 
== February 2010 Reported Vulnerable Extensions ==
 
== February 2010 Reported Vulnerable Extensions ==
Line 12: Line 5:
  
 
'''Please check with the extension publisher in case of any questions over the security of their product.'''
 
'''Please check with the extension publisher in case of any questions over the security of their product.'''
Report Vulnerable extensions either in the [[jforum:432]] security topic or the [http://forum.joomla.org/viewforum.php?f=470 extensions] topic clearly marked with the first word in the title being ''Vulnerable'' where the security moderators or JSST team will respond.  
+
Report Vulnerable extensions either in the [[jforum:432]] security topic clearly marked with the first word in the title being ''Vulnerable Report'' where the security moderators or JSST team will respond. For a guide to the [http://docs.joomla.org/Vulnerable_Extensions_List_0210#Codes_used codes]
''This list is change protected, for updates or editing requests [http://forum.joomla.org/memberlist.php?mode=viewprofile&u=28000 Mandville] or [http://forum.joomla.org/memberlist.php?mode=viewprofile&u=87230 lafrance]
+
''
+
 
+
[http://docs.joomla.org/Vulnerable_Extensions_List Back To Top]
+
 
+
  
 +
[http://docs.joomla.org/Vulnerable_Extensions_List Previous Reports]
  
 
{| class="wikitable sortable" border="1"
 
{| class="wikitable sortable" border="1"
Line 24: Line 13:
 
!  '''Extension'''
 
!  '''Extension'''
 
! class="unsortable"| '''Details'''
 
! class="unsortable"| '''Details'''
!  '''Reference Link'''
+
!  '''Date Added'''
!  '''Extension Update Link'''
+
!  '''Extension Update Link & Date'''
 
|-
 
|-
|
+
|style="background:red; color:white"  |
== Item1 ==
+
 
|pure1
+
== [http://extensions.joomla.org/extensions/multimedia/video-players-a-gallery/9501 Jvideodirect] ==
|test2
+
| SQLi
 +
|Jan 29
 +
|style="background:red; color:white" | '''  Not Known'''
 
|-
 
|-
|
+
|style="#cef2e0; color:black" |
  
== Items 2 ==
+
==   [http://extensions.joomla.org/extensions/calendars-a-events/events/95 JEvent] ==
|
+
| SQLi
|
+
|reported Jan 29
|
+
|style="background:#cef2e0; color:black" | ''' fixes in version 1.5.3.b'''
 
|-
 
|-
|
+
|style="background:red; color:white" |
== Item3 ==
+
==   Item3 ==
|
+
|3a
|
+
|3b
|
+
|3c
 
|-
 
|-
|
+
|style="background:red; color:white" |
== Item4 ==
+
==   Item4 ==
 
|
 
|
 
|
 
|
Line 52: Line 43:
 
|}
 
|}
 
<endFeed />
 
<endFeed />
 +
 +
''This list is change protected, for updates or additions [http://forum.joomla.org/memberlist.php?mode=viewprofile&u=28000 Mandville] or [http://forum.joomla.org/memberlist.php?mode=viewprofile&u=87230 lafrance]
 +
''
 +
 +
 +
 +
== Codes used ==
 +
SQLi - SQL injection [http://en.wikipedia.org/wiki/Code_injection#SQL_injection wikipedia]
 +
 +
LFI - Local File Inclusion [http://www.scribd.com/doc/6498408/Remote-and-Local-File-Inclusion-Explained scribd]
 +
 +
RFI - Remote file inclusion [http://en.wikipedia.org/wiki/Remote_File_Inclusion wikipedia]
 +
 +
DT - Directory Traversal [http://en.wikipedia.org/wiki/Directory_traversal wikipedia]
 +
 +
== Developers - How to get yourself removed from the from the VEL ==
 +
 +
Resolved items will be removed after a suitable period and not on resolution
 +
 +
Please solve the issues and:
 +
 +
* If JED listed
 +
Attach the new zip file at your actual JED listing.
 +
 +
Change the extension version at JED listing.
 +
 +
Contact the JED by mail with a notice and ask them republish your listing.
 +
 +
 +
* If not JED listed.
 +
Inform us by PM of the link to your resolution notice on your website.
 +
 +
 +
NB '''We do not fix, we report'''
 +
 +
 +
== Notes ==
 +
We try and put the newest item to the top of the list but it is not always possible.
 +
List as discussed in  [[jtopic:455746]] by [http://forum.joomla.org/memberlist.php?mode=viewprofile&u=67439 PhilD] editing by [http://forum.joomla.org/memberlist.php?mode=viewprofile&u=28000 Mandville]
 +
For instructions on how to [http://forum.joomla.org/viewtopic.php?f=432&t=478030 receive the feed.]
 +
----
 +
 +
 +
----

Revision as of 17:06, 3 February 2010

Replacement filing cabinet.png
This page has been archived - Please Do Not Edit or Create Pages placed in this namespace. The pages in the Archived namespace exist only as a historical reference, it will not be improved and its content may be incomplete.
Quill icon.png
Page Actively Being Edited!

This archived page is actively undergoing a major edit for a short while.
As a courtesy, please do not edit this page while this message is displayed. The user who added this notice will be listed in the page history. This message is intended to help reduce edit conflicts; please remove it between editing sessions to allow others to edit the page. If this page has not been edited for several hours, please remove this template, or replace it with {{underconstruction}} or {{incomplete}}.

Contents

February 2010 Reported Vulnerable Extensions

Please check with the extension publisher in case of any questions over the security of their product. Report Vulnerable extensions either in the jforum:432 security topic clearly marked with the first word in the title being Vulnerable Report where the security moderators or JSST team will respond. For a guide to the codes

Previous Reports

Extension Details Date Added Extension Update Link & Date

Jvideodirect

SQLi Jan 29 Not Known

JEvent

SQLi reported Jan 29 fixes in version 1.5.3.b

Item3

3a 3b 3c

Item4

This list is change protected, for updates or additions Mandville or lafrance


Codes used

SQLi - SQL injection wikipedia

LFI - Local File Inclusion scribd

RFI - Remote file inclusion wikipedia

DT - Directory Traversal wikipedia

Developers - How to get yourself removed from the from the VEL

Resolved items will be removed after a suitable period and not on resolution

Please solve the issues and:

  • If JED listed

Attach the new zip file at your actual JED listing.

Change the extension version at JED listing.

Contact the JED by mail with a notice and ask them republish your listing.


  • If not JED listed.

Inform us by PM of the link to your resolution notice on your website.


NB We do not fix, we report


Notes

We try and put the newest item to the top of the list but it is not always possible. List as discussed in jtopic:455746 by PhilD editing by Mandville For instructions on how to receive the feed.