Text Size

Home

Tuesday, 11 August 2015 04:08

Users registering without a registration form being published

Written by mandville

This is not always due to a hack, mostly, it is a site administrators failure.I have had a spate of new Users appearing in my User Manager.I am the only authorised user on my sites (Super User) - so how do these idiot spammers get in; and how to block them in future? I've received email messages from my website, telling me that a...

Published in joomla

Tagged under

joomla

Be the first to comment!

Thursday, 30 July 2015 15:10

What Does A Security Release Notice Look Like?

Written by mandville

One of the requirements to get your vulnerable extension marked as resolved is that you publish a security release announcement on your website. However we have noticed that developers often seem to have trouble with understanding what this means.

So what does it mean? We do not have a standard format for this, however we do ask that any reasonably...

Published in joomla

Tagged under

joomla

Be the first to comment!

Wednesday, 22 July 2015 16:05

The Perils of the Default Settings

Written by mandville

Recently an issue was reported to the Vulnerable Extensions List team, which affected the blogging platform for Joomla, Easy Blog. After some thought we decided that it did not fall within the normal definition of a security issue that would merit listing on the VEL. It was reported to us by a site owner whose site had been hit by an...

Published in joomla

Tagged under

joomla

Be the first to comment!

Sunday, 19 April 2015 15:42

Responsible disclosure

Written by mandville

There has a been a lot of talk recently about responsible disclosure issues especially with new developers and glory seekers. The VEL team have its own responsible disclosure code, namely that we wont list any Proof of concept or samples. we will only give the bare minimum.. All we ask is...

Published in joomla

Tagged under

joomla

Be the first to comment!

Thursday, 12 March 2015 04:30

VEL API /JSON released

Written by mandville

Following a community member suggestion obtaining a VEL website API, Phil Taylor from Blue Flame IT donated his API/JSON script for the community use.

It is available at http://vel.myjoomla.io/ however the docs have yet to be written.

{jb_quote} This JSON is provided for free, dont abuse this by hammering it with massive of calls please. The...

Published in joomla

Tagged under

joomla

Be the first to comment!

Saturday, 21 February 2015 16:14

VEL API volunteers required

Written by mandville

Right now there’s no machine-readable output format of the vulnerable extensions list. This causes a lot of issues when someone tries to find out, if a specific extension is listed on the VEL or not, because he or she wants to do for example one of the following things:

develop a plugin that automatically sends an email to the site...

Published in joomla

Tagged under

joomla

Be the first to comment!

Start
Prev
4
5
6
7
8
9
10
11
12
13
Next
End

Page 9 of 16

Users registering without a registration form being published

What Does A Security Release Notice Look Like?

The Perils of the Default Settings

Responsible disclosure

There has a been a lot of talk recently about responsible disclosure issues especially with new developers and glory seekers. The VEL team have its own responsible disclosure code, namely that we wont list any Proof of concept or samples. we will only give the bare minimum.. All we ask is...

VEL API /JSON released

VEL API volunteers required

Legals

eprivacy cookies

EU e-Privacy Directive