Bug Sicurezza Joomla e dei suoi componenti 2008 - Aggiornato al 29-12-08

[bugSearch.Net]

29-12-08   Joomla Component com_na_content 1.0 Blind SQL Injection Vulnerability
29-12-08   Joomla Component PAX Gallery 0.1 Blind SQL Injection Vulnerability
29-12-08   Joomla Component com_liveticker 1.0 Blind SQL Injection Exploit
29-12-08   Joomla Component com_ice 0.5b2 Blind SQL Injection Exploit
29-12-08   Joomla Component mdigg 2.2.8 Blind SQL Injection Exploit
24-12-08   Joomla Component 5starhotels (id) SQL Injection Exploit
24-12-08   Joomla Component com_lowcosthotels (id) Blind SQL Injection Vuln
24-12-08   Joomla Component Ice Gallery 0.5b2 (catid) Blind SQL Injection Vuln
24-12-08   Joomla Component Live Ticker 1.0 (tid) Blind SQL Injection Vuln
24-12-08   Joomla Component mdigg 2.2.8 (category) SQL Injection Vuln
18-12-08   Joomla Component Tech Article 1.x (item) SQL Injection Vulnerability
13-12-08   Joomla Live Chat (SQL-Proxy) Multiple Remote Vulnerabilities
05-12-08   Joomla Component mydyngallery 1.4.2 (directory) SQL Injection Vuln
03-12-08   Joomla Component com_jmovies 1.1 (id) SQL Injection Exploit
21-11-08   Joomla Component Thyme (event) SQL Injection Vulnerability
12-11-08   Joomla Component com_marketplace 1.2.1 (catid) SQL Injection Vuln
11-11-08   Joomla Component com_marketplace 1.3.1 (catid) SQL Injection Vuln
11-11-08   Joomla Component Simple RSS Reader 1.0 RFI Vulnerability
11-11-08   Joomla- Mambo com_catalogproduction (id) SQL Injection Vulnerability
11-11-08   Joomla Component com_books (book_id) SQL Injection Vulnerability
11-11-08   Joomla Component Contact Info 1.0 SQL Injection Vulnerability
10-11-08   Joomla Component JooBlog 0.1.1 (PostID) SQL Injection Vulnerability
07-11-08   Joomla Component Recly!Competitions 1.0.0 Multiple RFI Vulnerabilities
07-11-08   Joomla Component Clickheat 1.0.1 Multiple RFI Vulnerabilities
07-11-08   Joomla Component Feederator 1.0.5 Multiple RFI Vulnerabilities
06-11-08   Joomla Component Dada Mail Manager 2.6 RFI Vulnerability
04-11-08   Joomla Component ProDesk 1.0-1.2 Local File Inclusion Vulnerability
04-11-08   Joomla Component ongumatimesheet20 4b RFI Vulnerability
04-11-08   Joomla Component VirtueMart Google Base 1.1 RFI Vulnerability
01-11-08   Joomla Component Flash Tree Gallery 1.0 RFI Vulnerability
25-10-08   Joomla Component Archaic Binary Gallery 0.2 Directory Traversal Vuln
24-10-08   Joomla Component Archaic Binary Gallery Directory Traversal Vuln
24-10-08   Joomla Component Kbase 1.0 Remote SQL Injection Vulnerability
23-10-08   Joomla Component RWCards 3.0.11 Local File Inclusion Vulnerability
23-10-08   Joomla Component ionFiles 4.4.2 File Disclosure Vulnerability
23-10-08   Joomla Component Daily Message 1.0.3 (id) SQL Injection Vuln
20-10-08   Joomla Component ds-syndicate (feed_id) SQL Injection Vulnerability
20-10-08   Joomla Component Nice Talk (tagid) SQL Injection Vulnerability
11-10-08   Joomla Component ownbiblio 1.5.3 (catid) SQL Injection Vulnerability
10-10-08   Joomla Component Ignite Gallery 0.8.3 SQL Injection Vulnerability
10-10-08   Joomla Component mad4joomla SQL Injection Vulnerability
09-10-08   Joomla Component Joomtracker 1.01 Remote SQL injection Vulnerability
07-10-08   Joomla Component com_hotspots (w) Remote SQL Injection Vulnerability
28-09-08   Joomla Component imagebrowser <= 0.1.5 RC2 Directory Traversal Vuln
12-08-08   Joomla 1.5.x (Token) Remote Admin Change Password Vulnerability
03-08-08   Joomla Component EZ Store Remote Blind SQL Injection Exploit
16-07-08   Joomla Component DT Register Remote SQL injection Vulnerability
12-07-08   Joomla Component n-forms 1.01 Blind SQL Injection Exploit
08-07-08   Joomla Component com_content 1.0.0 (ItemID) SQL Injection Vuln
04-07-08   Joomla Component altas 1.0 Multiple Remote SQL Injection Exploit
04-07-08   Joomla Component DBQuery <= 1.4.1.1 RFI Vulnerability
02-07-08   Joomla Component is 1.0.1 Multiple Remote SQL Injection Exploit
02-07-08   Joomla Component QuickTime VR 0.1 Remote SQL Injection Exploit
02-07-08   Joomla Component com_brightweblinks (catid) SQL Injection Vulnerability
01-07-08   Joomla Component versioning 1.0.2 (id) SQL Injection Vulnerability
01-07-08   Joomla Component mygallery (cid) Remote SQL Injection Vulnerability
28-06-08   Joomla Component Xe webtv (id) Blind SQL Injection Exploit
28-06-08   Joomla Component beamospetition Remote SQL Injection Vulnerability
28-06-08   Joomla Component jabode (id) Remote SQL Injection Vulnerability
26-06-08   Joomla Component YaNC (listid) SQL Injection Vulnerability
25-06-08   Joomla Component netinvoice 1.2.0 SP1 SQL Injection Vulnerability
23-06-08   Joomla Component com_facileforms 1.4.4 RFI Vulnerability
22-06-08   Joomla Component EXP Shop (catid) SQL Injection Vulnerability
16-06-08   Joomla Simple Shop Galore Component 3.x (catid) SQL Injection
09-06-08   iJoomla News Portal (Itemid) Remote SQL Injection Exploit
08-06-08   Joomla Component yvcomment <= 1.16 Blind SQL Injection Exploit
08-06-08   Joomla Component rapidrecipe Remote SQL injection Vulnerability
07-06-08   Joomla Component GameQ <= 4.0 Remote SQL injection Vulnerability
05-06-08   Joomla Component JoomlaDate (user) SQL injection Vulnerability
05-06-08   Joomla Component simpleshop <= 3.4 SQL injection Vulnerability
04-06-08   Joomla Component jotloader <= 1.2.1.a Blind SQL injection Exploit
04-06-08   Joomla Component EasyBook 1.1 (gbid) SQL Injection Exploit
03-06-08   Joomla Component JooBlog 0.1.1 Blind SQL Injection Exploit
03-06-08   Joomla Component iDoBlog <= b24 Remote SQL Injection Vulnerability
03-06-08   Joomla Component joomradio 1.0 (id) SQL Injection Vulnerability
02-06-08   Joomla Component acctexp <= 0.12.x Blind SQL Injection Exploit
02-06-08   Joomla Component equotes 0.9.4 Remote SQL injection Vulnerability
01-06-08   Joomla Component JooBB 0.5.9 Blind SQL Injection Exploit
01-06-08   Joomla Component com_mycontent 1.1.13 Blind SQL Injection Exploit
31-05-08   Joomla Component com_biblestudy 1.5.0 (id) SQL Injection Exploit
31-05-08   Joomla Component prayercenter <= 1.4.9 (id) SQL Injection Vulnerability
28-05-08   Joomla Component Artist (idgalery) SQL Injection Vulnerability
11-05-08   Joomla Component xsstream-dm 0.01b Remote SQL Injection Exploit
10-05-08   Joomla Component com_datsogallery 1.6 Blind SQL Injection Exploit
01-05-08   Joomla Component Webhosting (catid) Blind SQL Injection Exploit
27-04-08   Joomla Component paxxgallery 0.2 (gid) Blind SQL Injection Exploit
27-04-08   Joomla Component com_alphacontent Blind SQL Injection Exploit
25-04-08   Joomla Component Joomla-Visites 1.1 RC2 RFI Vulnerability
24-04-08   Joomla Component JPad 1.0 SQL Injection Vulnerability (postauth)
23-04-08   Joomla Community Builder <= 1.0.1 Blind SQL Injection Vulnerability
23-04-08   Joomla Component Filiale 1.0.4 (idFiliale) SQL Injection Vulnerability
22-04-08   Joomla Component FlippingBook 1.0.4 SQL Injection Vulnerability
13-04-08   Joomla Component com_extplorer <= 2.0.0 RC2 Local Directory Traversal
11-04-08   Joomla Component joomlaXplorer <= 1.6.2 Remote Vulnerabilities
02-04-08   Joomla Component OnlineFlashQuiz <= 1.0.2 RFI Vulnerability
01-04-08   Joomla Component actualite 1.0 (id) SQL Injection Vulnerability
28-03-08   Joomla Component MyAlbum 1.0 (album) SQL Injection Vulnerability
25-03-08   Joomla Component alphacontent <= 2.5.8 (id) SQL Injection Vulnerability
23-03-08   Joomla Component rekry 1.0.0 (op_id) SQL Injection Vulnerability
23-03-08   Joomla Component d3000 1.0.0 Remote SQL Injection Vulnerability
23-03-08   Joomla Component Cinema 1.0 Remote SQL Injection Vulnerability
22-03-08   Joomla Components custompages 1.1 Remote File Inclusion Vulnerability
20-03-08   Joomla Component Datsogallery 1.3.1 Remote SQL Injection Vulnerability
19-03-08   Joomla Component Restaurante 1.0 (id) SQL Injection Vulnerability
19-03-08   Joomla Component Alberghi <= 2.1.3 (id) SQL Injection Vulnerability
19-03-08   Joomla Component joovideo 1.2.2 (id) SQL Injection Vulnerability
18-03-08   Joomla Component Acajoom (com_acajoom) SQL Injection Vulnerability
11-03-08   Joomla Component ProductShowcase <= 1.5 SQL Injection Vulnerability
08-03-08   Joomla Component Candle 1.0 (cID) SQL Injection Vulnerability
23-02-08   Joomla Component simple shop 2.0 SQL Injection Vulnerability
20-02-08   Joomla Component com_hwdvideoshare SQL Injection Vulnerability
18-02-08   Joomla Component com_clasifier (cat_id) SQL Injection Vulnerability
18-02-08   Joomla Component com_pccookbook (user_id) SQL Injection Vulnerability
18-02-08   Joomla Component astatsPRO 1.0 refer.php SQL Injection Vulnerability
16-02-08   Joomla Component com_galeria Remote SQL Injection Vulnerability
16-02-08   Joomla Component jooget <= 2.6.8 Remote SQL Injection Vulnerability
14-02-08   Joomla Component paxxgallery 0.2 (iid) SQL Injection Vulnerability
14-02-08   Joomla Component MCQuiz 0.9 Final (tid) SQL Injection Vulnerability
14-02-08   Joomla Component Quiz <= 0.81 (tid) SQL Injection Vulnerability
14-02-08   Joomla Component mediaslide (albumnum) Blind SQL Injection Exploit
13-02-08   Joomla Component xfaq 1.2 (aid) Remote SQL Injection Vulnerability
12-02-08   Joomla Component pcchess <= 0.8 Remote SQL Injection Vulnerability
12-02-08   Joomla Component rapidrecipe <= 1.6.5 SQL Injection Vulnerability
08-02-08   Joomla Component NeoGallery 1.1 SQL Injection Vulnerability
07-02-08   Joomla Component com_noticias 1.0 SQL Injection Vulnerability
07-02-08   Joomla Component com_doc Remote SQL Injection Vulnerability
06-02-08   Joomla Component Ynews 1.0.0 (id) Remote SQL Injection Vulnerability
03-02-08   Joomla Component Marketplace 1.1.1 SQL Injection Vulnerability
03-02-08   Joomla Component mosDirectory 2.3.2 (catid) SQL Injection Vulnerability
01-02-08   Joomla Component NeoReferences 1.3.1 (catid) SQL Injection Vuln
30-01-08   Joomla Component ChronoForms 2.3.5 RFI Vulnerabilities

[alexred]

La lista è impressionante ma molto preziosa e dettagliatissima.

[sali40]

fa venir la voglia di disinstallare tutto e lasciare solo il core, che almeno quello pare sicuro
A parte ogni scherzo, è fondamentale questo tipo di aggiornamenti. Troppo spesso ci si ritrova di fronte a siti hackerati per via di estenzioni bucate