[joomla] Re: Uh oh, two extensions slammed by milw0rm
Donna Marie Vincent
donnamarievincent at yahoo.com
Fri Oct 24 16:27:42 EDT 2008
Fortunately I've never heard of these extensions except for Nice Talk which is made by Azrul.
----- Original Message ----
From: Mitch Pirtle <mitch.pirtle at gmail.com>
To: NYPHP SIG: Joomla <joomla at lists.nyphp.org>
Sent: Friday, October 24, 2008 4:16:18 PM
Subject: [joomla] Re: Uh oh, two extensions slammed by milw0rm
While we're at it:
* FWCards 3.0.11 - local file inclusion vulnerability
* ionFiles 4.4.2 - file disclosure vulnerability
* Daily Message 1.0.3. - SQL injection vulnerability
* Nice Talk - SQL injection vulnerability
* ds-syndicate - SQL injection vulnerability
Sad, most likely all are making the same 2 or 3 mistakes, but some
punk wants to pad his totals for the month.
-- Mitch
On Fri, Oct 24, 2008 at 4:12 PM, Mitch Pirtle <mitch.pirtle at gmail.com> wrote:
> Heads up folks, the following Joomla extensions have been shamed at
> milw0rm (yes, they posted exploit code too):
>
> * Archaic Binary Gallery - directory traversal vulnerability
> * Kbase - SQL injection vulnerability
>
> So if you are using either, best disable them pronto, then ask
> questions later ;-)
>
> -- Mitch
>
_______________________________________________
New York PHP SIG: Joomla! Mailing List
http://lists.nyphp.org/mailman/listinfo/joomla
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
More information about the Joomla
mailing list