I dont go to conferences
Before the new conference season starts its time to get the rant out of the way. For years i have been asked if i am attending certain conferences. its nice to be invited to go to a conference, or even select the ones i am interested in and can actually afford to go to but here are the main reasons i dont go to conferences.
chronoforms and other chronoengine extensions
developer's site was infected with malware, but is now reviewed as "safe" according to Google transparency report.
see https://www.google.com/transparencyreport/safebrowsing/diagnostic/?hl=en#url=chronoengine.com
The VEL do not know of any recent reports of vulnerabilities in the extensions themselves....
SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9
Written by mandvilleStored XSS and SQL Injection in SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9 (possibly below)
resolution: update to version 2.8.10
update notice: https://securitycheck.protegetuordenador.com/index.php/downloads/securitycheck-j3x
...
kunena,4.0.10,Information Disclosure
Developers update link
JoomDOC,4.0.3 ,Information Disclosure...
Quickstart packages for joomla are a danger?
Using a quick start package may be the quickest way to get a fully set up , add your content site. but are you aware of the dangers.
we tested several quick starts from major providers ranging from Template developers and extension developers who include a ready to go version of Joomla.
We found that there were varying degrees of insecurities. None of these packages are plug/play/forget.