Saturday, 10 September 2016 19:36

Money vs Morals

Written by



We are seeing an increasing number of forum posts stating that a site maintainer has had their or their clients sites hacked and they are unable to update from joomla 1.5 due to either custom designed components or not having a budget to do their upgrade.
Leaving aside the dangers of custom component design, not upgrading a site and leaving it open to security risks due to not having the budget is no excuse for a site maintainer with morals.

Tuesday, 07 June 2016 02:09

chronoengines extensions

Written by

chronoforms and other chronoengine extensions

developer's site was infected with malware, but is now reviewed as "safe" according to Google transparency report.

see https://www.google.com/transparencyreport/safebrowsing/diagnostic/?hl=en#url=chronoengine.com

The VEL do not know of any recent reports of vulnerabilities in the extensions themselves....

Stored XSS and SQL Injection in SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9 (possibly below)

resolution: update to version 2.8.10

update notice: https://securitycheck.protegetuordenador.com/index.php/downloads/securitycheck-j3x

 

 ...

Wednesday, 05 December 2001 06:00

kunena,4.0.10,Information Disclosure

Written by

kunena,4.0.10,Information Disclosure

 

Developers update link

https://www.kunena.org/blog/166-kunena-4-0-11-released...

Wednesday, 05 December 2001 06:00

JoomDOC,4.0.3 information Disclosure

Written by

JoomDOC,4.0.3 ,Information Disclosure...

Friday, 29 April 2016 00:35

Komento 2.0.6 xss

Written by

We just released Komento 2.0.7 to address a security issue where a remote attacker may be able to launch an xss attack in prior versions of Komento.

 

download http://stackideas.com/dashboard

 ...

Saturday, 21 May 2016 17:27

mod fancy tag cloud,1.017,Other

Written by

mod fancy tag cloud (com_offlajn_installer),1.017,Other...

Saturday, 07 May 2016 02:46

Yeeditor, abandonware

Written by

Yeeditor from Yeedeen

development apparently abandoned, developer's site is infected with malware...

Monday, 25 April 2016 01:24

gmapfp,3.39f,XSS (Cross Site Scripting)

Written by

gmapfp,3.39f,XSS (Cross Site Scripting) Info disclosure, arbitrary fileupload...

Wednesday, 05 December 2001 06:00

Template Monster various themes

Written by

Template monster including komentoCom_ and MOD_Komento may not be uptodate to ix previous exploits and may be supplier modified....

Page 1 of 3