Vulnerable Extensions List (Archived): Difference between revisions

From Joomla! Documentation

Latest revision as of 18:52, 15 January 2014

For a more recent list please see Vulnerable_Extensions_List_oct

Name	Versions	Solution	References	Updated
A6MamboCredits com_a6mambocredits	All	Abandoned. Remove completely or use at your own risk.	Secunia Advisory Forum Topic	2006
A6MamboHelpDesk com_a6mambohelpdesk	All	Abandoned. Remove completely or use at your own risk.	Forum Topic Secunia Advisory Secunia Advisory	2006
Advanced Poll com_advancedpoll (?)	<= 2.2.0	Abandoned. Remove completely or use at your own risk.	Forum Topic	2006
Adobe Acrobat Reader (Not a Joomla! extension, but worth noting.)	<= 7.0.8	Upgrade to latest stable version.	Adobe Advisory	2006
Akocomment	All	SQL Injection with PHP magic_quotes OFF. No upgrade path yet. Fix: Turn PHP magic_quotes ON	Forum Topic	June 30, 2006
Article	<= 1.1	Upgrade to latest stable version.	milwOrm Advisory FrSIRT Advisory Forum Topic	26 June 2007
ArtLinks com_artlinks	All	Abandoned. Remove completely or use at your own risk.	Forum Topic	2006
AutoStand	<= 1.1	No further information at this time.	milwOrm Advisory FrSIRT Advisory Forum Topic	26 June 2007
Bayesian Naive Filter com_bayesiannaivefilter	<= 1.1	No Fix Available. Disable or remove until a fix is available.	Forum Topic	2006
Bible Study com_biblestudy	<= 6.0.7b and below	Fix Available. SQL Insertion attack	http://joomlacode.org/gf/project/biblestudy/	2008
BigApe Backup com_babackup	All	A patch is available from the developer. See this post.	Secunia Advisory Forum Topic	2006
BSQ Site Stats com_bsqsitestats	<= 2.2.1	Upgrade to latest stable version.	Forum Topic Secunia Advisory	2006
Car Manager	<= 1.1	No further information at this time.	Forum Topic	26 June 2007
Classifieds com_classifieds	<= 1.3	Upgrade to latest stable version.	Forum Topic	2006
Colophon com_colophon	<= 1.2	Upgrade to latest stable version.	Secunia Advisory Forum Topic	2006
Community Builder com_profiler	<= 1.0.0	Upgrade to latest stable version. See here for a fix for register_globals = off	Jomopolis Topic Forum Topic Forum Topic	2006
DS-Syndicate com_ds-syndicate	All versions?	SQL injection vulnerability. Remove completely or use at your own risk. Component has been removed from JED. Abandoned?	http://www.frsirt.com/english/advisories/2008/2859	Nov. 27, 2008
Events com_events	<= 1.3 Beta	Upgrade to latest stable version.	Forum Topic	2006
Expose Flash Gallery	RC4	Download patch	Forum Topic	20 July 2007
ExtCalendar com_extcalendar	<= 0.9.1	Upgrade to version 0.9.2. Seethis post for details. Also check the new forked project, JCal.	Secunia Advisory Forum Topic Forum Topic Forum Topic	2006
Facile Forms com_facileforms	<= 1.4.6	Upgrade to latest stable version.	Forum Topic	2006
Galleria com_galleria	All	Abandoned. Remove completely or use at your own risk.	NVD Advisory Forum Topic	2006
Gmaps com_gmaps	<=1.01	Upgrade to the latest version, which can be downloaded here	Security Focus Advisory	6 August 2007
Hash Cash com_hashcash	All	Abandoned. Remove completely or use at your own risk.	Secunia Advisory	2006
Hot Property com_hotproperties (?)	<= 0.97	Upgrade to latest stable version.	No references available at this time.	2006
JCE com_jce	<= 1.0.4	Apply patch, download it here, or use latest stable version.	Secunia Advisory Cellardoor Secunia Advisory	2006
JoomlaPack com_jpack	1.0.4a2 RE	Upgrade to latest stable version.	MilwOrm Advisory FrSIRT Advisory	2006
JoomlaBoard com_joomlaboard	<= 1.1.1	Upgrade to latest stable version. RG_EMULATION Fix	Secunia Advisory Forum Topic Forum Topic	2006
JoomlaLib com_joomlalib	<= 1.2.1	Upgrade to latest stable version.	Forum Topic	2006
JD-WordPress com_jd-wp	<= 2.0-1.0 RC2	Patch Available. See this post.	Forum Topic	2006
JD-Wiki com_jd-wiki	All	Abandoned project. Upgrade to nuWiki	Forum Topic Forum Topic	6 July 2007
JIM 1.0.1. (PMS) com_jim	1.0.1	Upgrade to latest stable version. The developer fixed security issues but didn't create a higher version number.	Secunia Advisory	2006
joomSEF (ARTIO)	<=2.2.1	Upgrade to latest stable version.	Forum Topic	27 Oct 2007
jPack com_jpack	< 1.0.4-b1	Upgrade to latest stable version.	Forum Topic	26 June 2007
Link Directory com_linkdirectory	All	Remove. Abandoned project.	No references.	2006
Letterman mod_letterman	<= 1.2.4	Upgrade to latest stable version. [1]	Forum Topic	May 2007
LMO com_lmo	<= 1.0b2	Upgrade to latest stable version. [2]	FrSIRT Advisory Forum Topic	2006
LoudMouth com_loudmouth	<= 4.0j	Upgrade to version 4.1 then apply Security Patch 1. Download here.	Forum Topic MamboExchange Advisory	2006
MamCom (?) com_trade	All	Abandoned. Remove completely or use at your own risk.	Unconfirmed	2006
MambelFish 1.x com_mambelfish	<= 1.x	Upgrade to 1.5 (or to Joom!Fish) Download Mambelfish Download Joom!Fish	Secunia Advisory	2006
Mambo Gallery Manager com_mgm	All	Abandoned. Remove completely or use at your own risk.	Forum Topic FrSIRT Advisory	2006
MiniBB com_minibb	<= 1.5a	Abandoned. Remove completely or use at your own risk.	Security Reason Advisory Forum Topic Security Reason	2006
Mos Tree com_mtree	<= 1.5.8	Upgrade to latest stable version. [3]	Forum Topic	2006
MosMedia com_mosmedia	<= 1.0.8	Temporary Fix Available. See this thread for details.	Forum Topic	2006
MoSpray com_mospray	<= 1.8 RC1	Abandoned. Remove completely or use at your own risk.	Forum Topic	2006
Multibanners com_multibanners * Note: Not the same as the Multibanners Module.	All	Abandoned. Remove completely or use at your own risk.	Secunia Advisory Forum Topic	2006
OpenSEF com_sef	<= 2.0.0 RC5 Unpatched	Download patch	Forum Topic	2006
PC Cook Book com_pccookbook	<= 1.3.1	No Fix Available. Disable or remove.	FrSIRT Advisory Forum Topic	2006
Per Forms com_performs	<= v1_beta	Upgrade to latest stable version. [4]	Secunia Advisory Forum Topic Forum Topic	2006
Phil-A-Form	< 1.2	Upgrade to latest version.	Forum Topic	May 2007
People Book com_peoplebook	<= 1.1.5	Upgrade to latest stable version. [5]	Joomla Forge	2006
Prince Clan Chess com_pcchess	<= 0.8	Author suggest manually patching. [6]	See this site.	2006
PollXT com_pollxt	<= 1.22.07	Upgrade to latest stable version. [7]	Secunia Advisory Forum Topic Secunia Advisory	2006
RS Gallery2 com_rsgallery2	<= 1.11.3	Upgrade to latest stable version. [8]	Forum Topic	06
RWCards	< 2.4.4	Upgrade to latest stable version.	Forum Topic	26 June 2007
Security Images com_securityimages	<= 3.0.5	Upgrade to latest stable version.	Secunia Advisory Forum Topic	June 2007
SEF404x com_sef	All	No Fix Available. Remove completely or use at your own risk.	No references.	2006
sh404SEF	1.2.4 t, u, or w	Patch or update.	Forum Topic	23 Oct, 2007
Site Map com_sitemap	All	Abandoned. Remove completely or use at your own risk. [9]	Secunia Advisory Forum Topic Secunia Advisory	2006
SimpleBoard com_simpleboard	All	Upgrade to latest JoomlaBoard. JoomlaBoard is compatible with SimpleBoard. Download here.	Secunia Advisory Secunia Advisory Forum Topic Secunia Advisory	2006
SMF Bridge com_smf	<= 1.1.4	Versions other than 1.1RC2. Fix Available. See this thread. Version 1.1RC2 only. Upgrade available. See this thread.	Secunia Advisory Simple Machines Advisory Forum Topic Forum Topic Forum Topic Forum Topic Secunia Advisory	2006
TaskHopper com_thopper	<= 1.1	Upgrade to latest version.	Forum Topic	2006
User Home Pages 1 and 2 com_uhp and com_uhp2	<= 1.1.1 (?)	Upgrade to latest stable version. [10]	Forum Topic Secunia Advisory Forum Topic	June 2007
VirtueMart	<= 1.0.13a	Upgrade to version >= 1.0.14. Available here.	Security Bulletin	January 2008
WordPress (Not a Joomla! extension, but worth noting.)	2.1.1	Upgrade to latest stable version.	Forum Topic	26 June 2007
zOOm Media Gallery	<= 2.5.1 RC4	Upgrade to latest stable version.	FrSIRT Advisory Forum Topic	2006
BF Survey Pro BF Survey Basic BF Quiz	<=1.2.5 <=1.0 <=1.1.1	Upgrade to latest versions	Forum Post Developer's Forum Post	September, 2009
Photoblog (com_photoblog)	Unknown	Unknown	Security Focus Advisory	October 26, 2009

Retrieved from "https://docs.sandbox.joomla.org/index.php?title=Archived:Vulnerable_Extensions_List_(Archived)&oldid=106882"

Category:

Archived pages

@@ Line 1: / Line 1: @@
+For a more recent list please see [[Vulnerable_Extensions_List_oct]]
 <table border="1" cellpadding="3" cellspacing="3">
 		<tr style="background-color: #ff9900" valign="bottom">
@@ Line 127: / Line 130: @@
 			<td>
 			<p>[http://www.milw0rm.com/exploits/3734 milwOrm Advisory] <br />
+			 [http://www.frsirt.com/english/advisories/2007/1392 FrSIRT Advisory]<br />
-			 [http://www.frsirt.com/english/advisories/2007/1392 FrSIRT Advisory<br />
+			 [http://forum.joomla.org/index.php/topic,160876.msg775119.html#msg775119 Forum Topic]
-			<b></b>] <b> [http://forum.joomla.org/index.php/topic,160876.msg775119.html#msg775119 Forum Topic] </b>
 			</p>
 			<p>
@@ Line 157: / Line 159: @@
 			</td>
 			<td> 2006</td>
+		</tr>
+<tr>
+			<td>
+			<p>
+			<b>Bible Study</b>
+			</p>
+			<p>
+			com_biblestudy
+			</p>
+			</td>
+			<td> &lt;= 6.0.7b and below
+			</td>
+			<td> Fix Available. SQL Insertion attack
+			</td>
+			<td>http://joomlacode.org/gf/project/biblestudy/
+			</td>
+			<td> 2008</td>
 		</tr>
 		<tr>
@@ Line 235: / Line 256: @@
 			<td> &lt;= 1.2</td>
 			<td>Upgrade to latest stable version.</td>
-			<td>[http://secunia.com/advisories/21288/ target="_blank Secunia Advisory]<br />
+			<td>[http://secunia.com/advisories/21288/ Secunia Advisory]<br />
 			[http://forum.joomla.org/index.php/topic,81587.0.html Forum Topic]</td>
 			<td> 2006</td>
@@ Line 265: / Line 285: @@
 			[http://forum.joomla.org/index.php/topic,86525.msg441456.html#msg441456 Forum Topic]</td>
 			<td> 2006</td>
+		</tr>
+		<tr>
+			<td>
+			<p>
+			<b>DS-Syndicate</b>
+			</p>
+			<p>
+			com_ds-syndicate
+			</p>
+			</td>
+			<td>All versions?</td>
+			<td>
+			<p>SQL injection vulnerability.<br />
+			Remove completely or use at your own risk.<br />Component has been removed from JED. Abandoned?
+			</p>
+			</p>
+			</td>
+			<td>
+			[http://www.frsirt.com/english/advisories/2008/2859 http://www.frsirt.com/english/advisories/2008/2859]
+			<td>Nov. 27, 2008</td>
 		</tr>
 		<tr>
@@ Line 439: / Line 480: @@
 			<td>
 			<p>
-			 [http://www.milw0rm.com/exploits/3753">MilwOrm Advisory] <br />
+			 [http://www.milw0rm.com/exploits/3753 MilwOrm Advisory] <br />
 			 [http://www.frsirt.com/english/advisories/2007/1429 FrSIRT Advisory]
 			</p>
@@ Line 1,112: / Line 1,153: @@
 			<td><b>VirtueMart</b></td>
-			<td> &lt;= 1.0.11</td>
+			<td> &lt;= 1.0.13a</td>
-			<td>Upgrade to version 1.1.11 and apply patch. Available  [http://virtuemart.net/index.php?option=com_docman&amp;task=cat_view&amp;gid=101&amp;Itemid=66 here]. </td>
+			<td>Upgrade to version >= 1.0.14. Available  [http://virtuemart.net/index.php?option=com_content&task=view&id=54&Itemid=147 here]. </td>
-			<td> [http://forum.joomla.org/index.php/topic,183215.0.html  Forum Topic] </td>
+			<td> [http://virtuemart.net/index.php?option=com_content&task=view&id=275&Itemid=127 Security Bulletin] </td>
-			<td>June 2007</td>
+			<td>January 2008</td>
 		</tr>
 		<tr>
@@ Line 1,123: / Line 1,164: @@
 			<td> 2.1.1</td>
 			<td> Upgrade to latest stable version.</td>
-			<td> <b> [http://forum.joomla.org/index.php/topic,146478.msg737784.html#msg737784 Forum Topic] </b></td>
+			<td>[http://forum.joomla.org/index.php/topic,146478.msg737784.html#msg737784 Forum Topic]</td>
 			<td> 26 June 2007<br />
@@ Line 1,137: / Line 1,178: @@
 			<td> 2006</td>
 		</tr>
+                <tr>
+                        <td> <b>BF Survey Pro<br />BF Survey Basic<br />BF Quiz</b></td>
+                        <td>&lt;=1.2.5<br />&lt;=1.0<br />&lt;=1.1.1</td>
+                        <td>[http://www.tamlyncreative.com.au/software/index.php/downloads.html Upgrade to latest versions]</td>
+                        <td>[http://forum.joomla.org/viewtopic.php?f=431&t=336055&start=0 Forum Post]<br />[http://www.tamlyncreative.com.au/software/forum/index.php?topic=357.0 Developer's Forum Post]</td>
+                        <td>September, 2009</td>
+                </tr>
+                <tr>
+                        <td> <b>Photoblog (com_photoblog)</td>
+                        <td>Unknown</td>
+                        <td>Unknown</td>
+                        <td>[http://www.securityfocus.com/bid/36809/info Security Focus Advisory]</td>
+                        <td>October 26, 2009</td>
+                </tr>
 </table>
-[[Category:Security]]
+[[Category:Archived pages]]