Thursday, 30 July 2015 15:10

What Does A Security Release Notice Look Like?

One of the requirements to get your vulnerable extension marked as resolved is that you publish a security release announcement on your website. However, we have noticed that developers often seem to have trouble understanding what this means.

So what does it mean? We do not have a standard format for this; however, we do ask that any reasonably...

Wednesday, 22 July 2015 16:05

The Perils of the Default Settings

Recently an issue affecting Easy Blog, the blogging platform for Joomla, was reported to the Vulnerable Extensions List team. After some thought we decided that it did not fall within the normal definition of a security issue that would merit listing on the VEL. It was reported to us by a site owner whose site had been hit by an...

Sunday, 19 April 2015 15:42

Responsible disclosure

There has been a lot of talk recently about responsible disclosure issues, especially with new developers and glory seekers. The VEL team has its own responsible disclosure code, namely that we won't list any proof of concept or samples. We will only give the bare minimum. All we ask is...

Thursday, 12 March 2015 04:30

VEL API /JSON released

Following a community member's suggestion about obtaining a VEL website API, Phil Taylor from Blue Flame IT donated his API/JSON script for community use.

It is available at http://vel.myjoomla.io/; however, the docs have yet to be written.

This JSON is provided for free, don't abuse this by hammering it with a massive number of calls please. The...

Saturday, 21 February 2015 16:14

VEL API volunteers required

Right now there’s no machine-readable output format of the vulnerable extensions list. This causes a lot of issues when someone tries to find out whether a specific extension is listed on the VEL, because he or she wants to do, for example, one of the following things:

  • develop a plugin that automatically sends an email to the site...

Saturday, 20 December 2014 02:51

A Few Basic Security rules

If a person follows these few simple rules the majority of site hacks will not happen.

1.) Use a decent hosting provider. Cheap is not necessarily bad, and expensive is not necessarily good. Do your research. Take a few minutes to search for and read comments and reviews left by other users.

2.) If you don't need it for your site's functionality...

Tuesday, 09 December 2014 00:24

VEL3 website

Since May 2013 the VEL website has performed brilliantly as a much needed resource for the Joomla community at vel.joomla.org.

With Joomla 2.5 coming up to end of life in December and the VEL team attempting to be the champions in keeping up to date, we are about to launch VEL3.

After consultation, VEL3 will run the same RSformsPro script but will...

Tuesday, 01 March 2016 05:19

JSN Power Admin,2.3.0,XSS (Cross Site Scripting)

JSN Power Admin, 2.3.0, XSS (Cross Site Scripting)

Resolution: update to 2.3.2

Update notice: http://www.joomlashine.com/knowledgeportal/articles/jsn-poweradmin-vulnerability-problem-solved.html

Note that previous security release 2.3.1 is still vulnerable, and should be updated...

Monday, 29 February 2016 19:36

Breezing Forms Full and Lite

Breezing Forms Full before build 884

Breezing Forms Lite before build 912

Information disclosure

Resolution: update to latest version

Update notice: https://crosstec.org/en/blog/859-breezingforms-medium-security-update.html...

Monday, 29 February 2016 19:28

Form Maker before 3.6.0

Form Maker versions before 3.6.0 XSS

Resolution: update to 3.6.0

Update notice: https://web-dorado.com/products/joomla-form.html...
