Difference between revisions of "Vulnerable Extensions List 0210"

Latest revision as of 14:17, 15 January 2014

This page has been archived. This page contains information for an unsupported Joomla! version or is no longer relevant. It exists only as a historical reference, it will not be improved and its content may be incomplete and/or contain broken links.

February 2010 Reported Vulnerable Extensions[edit]

Please check with the extension publisher in case of any questions over the security of their product. Report Vulnerable extensions either in the jforum:432 security topic clearly marked with the first word in the title being Vulnerable Report where the security moderators or JSST team will respond. For a guide to the codes

Previous Reports

Extension	Details	Date Added	Extension Update Link & Date
Jvideodirect[edit]	SQLi	Jan 29	Not Known
JEvent[edit]	SQLi	reported Jan 29	fixes in version 1.5.3.b
Item3[edit]	3a	3b	3c
Item4[edit]

This list is change protected, for updates or additions Mandville or lafrance

Codes used[edit]

SQLi - SQL injection wikipedia

LFI - Local File Inclusion scribd

RFI - Remote file inclusion wikipedia

DT - Directory Traversal wikipedia

Developers - How to get yourself removed from the from the VEL[edit]

Resolved items will be removed after a suitable period and not on resolution

Please solve the issues and:

If JED listed

Attach the new zip file at your actual JED listing.

Change the extension version at JED listing.

Contact the JED by mail with a notice and ask them republish your listing.

If not JED listed.

Inform us by PM of the link to your resolution notice on your website.

NB We do not fix, we report

Notes[edit]

We try and put the newest item to the top of the list but it is not always possible. List as discussed in jtopic:455746 by PhilD editing by Mandville For instructions on how to receive the feed.

@@ Line 1: / Line 1: @@
-{{inuse}}
 == February 2010 Reported Vulnerable Extensions ==
 <startFeed />
 '''Please check with the extension publisher in case of any questions over the security of their product.'''
-Report Vulnerable extensions either in the [[jforum:432]] security topic clearly marked with the first word in the title being ''Vulnerable Report'' where the security moderators or JSST team will respond.
+Report Vulnerable extensions either in the [[jforum:432]] security topic clearly marked with the first word in the title being ''Vulnerable Report'' where the security moderators or JSST team will respond. For a guide to the [http://docs.joomla.org/Vulnerable_Extensions_List_0210#Codes_used codes]
 [http://docs.joomla.org/Vulnerable_Extensions_List Previous Reports]
 {| class="wikitable sortable" border="1"
@@ Line 17: / Line 12: @@
 ! class="unsortable"| '''Details'''
 !  '''Date Added'''
-!  '''Extension Update Link'''
+!  '''Extension Update Link & Date'''
 |-
 |style="background:red; color:white"   |
 == [http://extensions.joomla.org/extensions/multimedia/video-players-a-gallery/9501 Jvideodirect] ==
 | SQLi
@@ Line 25: / Line 21: @@
 |style="background:red; color:white" | '''  Not Known'''
 |-
-|style="background:red; color:white" |
+|style="#cef2e0; color:black" |
 ==   [http://extensions.joomla.org/extensions/calendars-a-events/events/95 JEvent] ==
 | SQLi
 |reported Jan 29
-|style="background:red; color:white" | '''  Not Known'''
+|style="background:#cef2e0; color:black" | ''' fixes in version 1.5.3.b'''
 |-
 |style="background:red; color:white" |
@@ Line 46: / Line 42: @@
 <endFeed />
-''This list is change protected, for updates or editing requests [http://forum.joomla.org/memberlist.php?mode=viewprofile&u=28000 Mandville] or [http://forum.joomla.org/memberlist.php?mode=viewprofile&u=87230 lafrance]
+''This list is change protected, for updates or additions [http://forum.joomla.org/memberlist.php?mode=viewprofile&u=28000 Mandville] or [http://forum.joomla.org/memberlist.php?mode=viewprofile&u=87230 lafrance]
 ''
-== [[A note to developers.]] ==
-We only pass out information that is already out there, we will not
+== Codes used ==
-remove anything from the list until a suitable period has passed, we will mark is as resolved or updated.
+SQLi - SQL injection [http://en.wikipedia.org/wiki/Code_injection#SQL_injection wikipedia]
-If your entry is on their and you "fixed" it ages ago, tell us please.
+LFI - Local File Inclusion [http://www.scribd.com/doc/6498408/Remote-and-Local-File-Inclusion-Explained scribd]
+RFI - Remote file inclusion [http://en.wikipedia.org/wiki/Remote_File_Inclusion wikipedia]
+DT - Directory Traversal [http://en.wikipedia.org/wiki/Directory_traversal wikipedia]
+== Developers - How to get yourself removed from the from the VEL ==
+Resolved items will be removed after a suitable period and not on resolution
 Please solve the issues and:
-''  If JED listed''
+* If JED listed
 Attach the new zip file at your actual JED listing.
 Change the extension version at JED listing.
-Contact the JED by mail back with a notice and ask them to republish
-your listing.
-'' If not JED listed.''
+Contact the JED by mail with a notice and ask them republish your listing.
+* If not JED listed.
 Inform us by PM of the link to your resolution notice on your website.
+NB '''We do not fix, we report'''
+== Notes ==
+We try and put the newest item to the top of the list but it is not always possible.
+List as discussed in  [[jtopic:455746]] by [http://forum.joomla.org/memberlist.php?mode=viewprofile&u=67439 PhilD] editing by [http://forum.joomla.org/memberlist.php?mode=viewprofile&u=28000 Mandville]
+For instructions on how to [http://forum.joomla.org/viewtopic.php?f=432&t=478030 receive the feed.]
+----
+----
+[[Category:Archived pages]]

Archived

Difference between revisions of "Vulnerable Extensions List 0210"

From Joomla! Documentation

Latest revision as of 14:17, 15 January 2014

Contents

February 2010 Reported Vulnerable Extensions[edit]

Jvideodirect[edit]

JEvent[edit]

Item3[edit]

Item4[edit]

Codes used[edit]

Developers - How to get yourself removed from the from the VEL[edit]

Notes[edit]