Joomla
Searching for information about vulnerable/insecure extensions.
I inherited a legacy site to deal with that was originally running joomla 1.7, and it suffered from a sleeping XSS vulnerability. A compromised file lay dormant on the server for a couple years until yesterday when a slew of other vulnerable files were created and the site was used to spam thousands of email addresses. I tracked the original hole to a file created in 2012, but I neglected to note where it was located,. There were only a handful of files created on that same day, so I’m trying to determine if it is a buggy extension, the template that was installed, or just joomla. The extensions don’t appear on the VEL, but i didn’t know if that included only currently vulnerable extensions or there is list of previously vulnerable extensions somewhere else. Anyway, any information would be helpful. Here are the extensions in question:
- Very Simple Image Gallery v1.6.5
- Sigplus v.1.4.2.10
- Slick RSS v1.5.0
- Quickicon v2.5.0
And then finally, I’ve run some tests on the server and holes were automatically closed, and these files were left untouched, but i figured I’d include them just in case someone knows something about them
- administrator/components/com_content/models/fields/filters.php
- administrator/components/com_languages/views/installed/tmpl/default_ftp.php
- administrator/language/de-DE/de-DE.localise.php
- administrator/templates/hathor/html/com_languages/installed/default_ftp.php
- language/de-DE/de-DE.localise.php
- libraries/joomla/database/databaseexception.php
- libraries/joomla/database/databasequery.php
- libraries/joomla/log/logentry.php
How can I stop article contributors being able to insert externally hosted images into articles?
I want all imagery to be hosted locally. Not links to images on other sites that may disappear at any time. This is Joomla 3. Thx.
Joomla Upgrade+Transfer HELP
Hey There – I will try to explain this as best as I can…
I am a network administrator, we are shutting down our server currently running our Joomla website (2.5.8) due to its age and transitioning to a new server.
I have the new server up and running with Ubuntu 12.04 and Joomla 3.3. I know very little about Joomla besides what it needs to work and a general idea of how it operates, it is online and can be logged into etc. so it is up and running properly.
We have a webmin who does all the Joomla management/web/content stuff and she has given me SP Transfer to bring the old databases and whatever else is required over, so I have installed SP Transfer on the new server and put in all the details as per their instructions HOWEVER I get an error saying it can not connect to the database but the FTP Function works fine. I have checked and double checked the database details and login credentials and all is fine.
As the servers are physically in the same rack I am using our internal IP Address to the old server in SP Transfer (as I am for the FTP) but it just won’t connect…
I am desperate for help and want to finish up this project ASAP and decommission the old server – is anyone able to offer some assistance on this one?
Cheers
Sync’ing a public Google Calendar with any Joomla calendar component
I know I can embed a Google Calendar in Joomla, but it then looks the same as Google’s styling and its not the prettiest. I would like to install a component that can access the events from a public Google Calendar and display them within the calendar components interface, so they look nicer. So far I haven’t found this functionality in any of these: DPCalendar Lite, JEvents, Scheduler, or Jcal Pro. If you’ve achieved this before I’d love to hear from you!
Module issue News Show SP2
Hi guys, I need some help. When I activate the News Show SP2 module my homepage disappear.
What can be?
Here’s a screenshot http://ift.tt/1qGcKt6
Thanks!
Webprogramming basket 