Vulnerable Extensions List 0210
 |
This article is actively undergoing a major edit for a short while. As a courtesy, please do not edit this page while this message is displayed. The user who added this notice will be listed in the page history. This message is intended to help reduce edit conflicts; please remove it between editing sessions to allow others to edit the page. If this page has not been edited for several hours, please remove this template, or replace it with {{underconstruction}}. |
Contents |
February 2010 Reported Vulnerable Extensions
Please check with the extension publisher in case of any questions over the security of their product. Report Vulnerable extensions either in the jforum:432 security topic clearly marked with the first word in the title being Vulnerable Report where the security moderators or JSST team will respond. For a guide to the codes
| Extension | Details | Date Added | Extension Update Link & Date |
|---|---|---|---|
Jvideodirect |
SQLi | Jan 29 | Not Known |
JEvent |
SQLi | reported Jan 29 | Not Known |
Item3 |
3a | 3b | 3c |
Item4 |
This list is change protected, for updates or editing requests Mandville or lafrance
Codes used
SQLi - SQL injection [[1]] LFI - Local File Inclusion [2] RFI - Remote file inclusion [3] DT - Directory Traversal [[4]]
A note to developers.
We only pass out information that is already out there, we will not remove anything from the list until a suitable period has passed, we will mark is as resolved or updated. If your entry is on this list and you "fixed" it ages ago, tell us please. Please solve the issues and: If JED listed Attach the new zip file at your actual JED listing. Change the extension version at JED listing. Contact the JED by mail back with a notice and ask them to republish your listing. If not JED listed.
Inform us by PM of the link to your resolution notice on your website. NB We do not fix, we report
