Fortunately I've never heard of these extensions except for Nice Talk which is 
made by Azrul.




----- Original Message ----
From: Mitch Pirtle <[EMAIL PROTECTED]>
To: NYPHP SIG: Joomla <[email protected]>
Sent: Friday, October 24, 2008 4:16:18 PM
Subject: [joomla] Re: Uh oh, two extensions slammed by milw0rm

While we're at it:

* FWCards 3.0.11 - local file inclusion vulnerability
* ionFiles 4.4.2 - file disclosure vulnerability
* Daily Message 1.0.3 - SQL injection vulnerability
* Nice Talk - SQL injection vulnerability
* ds-syndicate - SQL injection vulnerability

Sad, most likely all are making the same 2 or 3 mistakes, but some
punk wants to pad his totals for the month.

-- Mitch

On Fri, Oct 24, 2008 at 4:12 PM, Mitch Pirtle <[EMAIL PROTECTED]> wrote:
> Heads up folks, the following Joomla extensions have been shamed at
> milw0rm (yes, they posted exploit code too):
>
> * Archaic Binary Gallery - directory traversal vulnerability
> * Kbase - SQL injection vulnerability
>
> So if you are using either, best disable them pronto, then ask
> questions later ;-)
>
> -- Mitch
>
_______________________________________________
New York PHP SIG: Joomla! Mailing List
http://lists.nyphp.org/mailman/listinfo/joomla

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
