This is a list of 3rd party Joomla components with known vulnerabilities that will allow hackers access to your site. If you are using any of the following components, please upgrade or remove the component as listed under Fix. It is also very important to make sure you are using the latest version of Joomla, currently 1.0.11, as earlier versions have several High Level vulnerabilities. These vulnerabilities don't just affect your website; they affect other clients and the entire server as a whole. http://forum.joomla.org/index.php/topic,79477.0.html
Full Name: A6MamboCredits
Short Name: com_a6mambocredits
Version: All Versions
Fix: Abandoned. Remove completely.
References: http://secunia.com/advisories/21540/
http://forum.joomla.org/index.php/topic,86978.0.html
Full Name: A6MamboHelpDesk
Short Name: com_a6mambohelpdesk
Version: All Versions
Fix: Abandoned. Remove completely.
References: http://forum.joomla.org/index.php/topic,80890.0.html
http://secunia.com/advisories/21227/
Full Name: Advanced Poll
Short Name: com_advancedpoll (?)
Version: <= 2.2.0.
Fix: Abandoned. Remove completely.
References: http://forum.joomla.org/index.php/topic,76621.0.html
Full Name: ArtLinks
Short Name: com_artlinks
Version: All Versions.
Fix: Abandoned. Remove completely.
References: http://forum.joomla.org/index.php/topic,76328.0.html
Full Name: Bayesian Naive Filter
Short Name: com_bayesiannaivefilter
Version: <= 1.1
Fix: No Fix Available. Please disable or remove this component until a fix can be made available.
References: http://forum.joomla.org/index.php/topic,81594.0.html
Full Name: BigApe Backup
Short Name: com_babackup
Version: All Versions.
Fix: No Fix Available. Please disable or remove this component until a fix can be made available.
References: http://secunia.com/advisories/21574/
http://forum.joomla.org/index.php/topic,87736.0.html
Full Name: BSQ Site Stats
Short Name: com_bsqsitestats
Version: <= 2.1.0
Fix: Upgrade to version 2.1.1. Download it here.
References: http://forum.joomla.org/index.php/topic,77899.0.html
Full Name: Classifieds
Short Name: com_classifieds
Version: <= 1.3
Fix: Upgrade to version 1.4. Download it here.
References: http://forum.joomla.org/index.php/topic,82457.0.html
Full Name: Colophon
Short Name: com_colophon
Version: <= 1.2
Fix: Upgrade to 1.3.1. Download it here.
References: http://secunia.com/advisories/21288/
http://forum.joomla.org/index.php/topic,81587.0.html
Full Name: Community Builder (comprofiler)
Short Name: com_profiler
Version: <= 1.0.0
Fix: Upgrade to version 1.0.1. Download it here.
References: http://www.joomlapolis.com/content/view/1538/37/
http://forum.joomla.org/index.php/topic,84436.0.html
See here for a fix for register_globals = off
Full Name: Events
Short Name: com_events
Version: <= 1.3 Beta
Fix: Upgrade to version 1.3 Beta2. Download it here.
References: http://forum.joomla.org/index.php/topic,80411.0.html
Full Name: ExtCalendar
Short Name: com_extcalendar
Version: <= 0.9.1
Fix: Upgrade to version 0.9.2. See this post for details.
References: http://secunia.com/advisories/19321/
http://forum.joomla.org/index.php/topic,75390.0.html
http://forum.joomla.org/index.php/topic,79050.0.html
http://forum.joomla.org/index.php/topic,78268.0.html
Full Name: SEF404x
Short Name: com_sef
Version: All Versions.
Fix: No Fix Available. Remove completely.
Full Name: Galleria
Short Name: com_galleria
Version: All Versions.
Fix: Abandoned. Remove completely.
References: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3396
http://forum.joomla.org/index.php/topic,77706.0.html
Full Name: Hash Cash
Short Name: com_hashcash
Version: All Versions.
Fix: Abandoned. Remove completely.
References: http://secunia.com/product/11046/
http://forum.joomla.org/index.php/topic,76322.0.html
Full Name: Hot Properties
Short Name: com_hotproperties (?)
Version: <= 0.97
Fix: Upgrade to 0.98. Download it here.
References: No references available at this time.
Full Name: JD-Wiki
Short Name: com_jd-wiki
Version: <= 1.0.2
Fix: Upgrade to version 1.0.3. Download it here.
References: http://forum.joomla.org/index.php/topic,80188.msg427986.html#msg427986
Full Name: JD-WordPress
Short Name: com_jd-wp
Version: <= 2.0-1.0 RC2
Fix: Patch Available. See this post.
References: http://forum.joomla.org/index.php/topic,81064.0.html
Full Name: JIM 1.0.1. (PMS)
Short Name: com_jim
Version: 1.0.1. (possibly lower versions as well)
Fix: Not available. Remove completely.
References: http://secunia.com/advisories/21545/
Full Name: JoomlaBoard
Short Name: com_joomlaboard
Version: <= 1.1.1
Fix: Upgrade to version 1.1.2. Download it here.
References: http://secunia.com/advisories/21059/
http://forum.joomla.org/index.php/topic,76852.0.html
Fix, compatible with register globals off as set in globals.php
Full Name: JoomlaLib
Short Name: com_joomlalib
Version: <= 1.2.1
Fix: Upgrade to version 1.2.2. Download it here.
References: http://forum.joomla.org/index.php/topic,77899.0.html
Full Name: LoudMouth
Short Name: com_loudmouth
Version: <= 4.0j
Fix: Upgrade to version 4.1 then apply Security Patch 1. Download upgrade and security patch here.
References: http://forum.joomla.org/index.php/topic,76337.0.html
http://mamboxchange.com/forum/forum.php?forum_id=7638
Full Name: LMO
Short Name: com_lmo
Version: <= 1.0b2
Fix: Upgrade to version 1.0b3. Download it here.
References: http://www.frsirt.com/english/advisories/2006/3063
http://forum.joomla.org/index.php/topic,81590.0.html
Full Name: MambelFish 1.x
Short Name: com_mambelfish
Version: <= 1.x
Fix: Upgrade to 1.5 (or to Joom!Fish) Mambelfish 1.5 Joom!Fish 1.7
References: http://secunia.com/advisories/21544/
Full Name: Mambo Gallery Manager
Short Name: com_mgm
Version: All Versions.
Fix: Abandoned. Remove completely.
References: http://forum.joomla.org/index.php/topic,81616.0.html
http://www.frsirt.com/english/advisories/2006/3054
Full Name: MiniBB
Short Name: com_minibb
Version: <= 1.5a
Fix: Abandoned. Remove completely.
References: http://securityreason.com/exploitalert/846
http://forum.joomla.org/index.php/topic,76898.0.html
Full Name: MamCom (?)
Short Name: com_trade
Version: All Versions.
Fix: Abandoned. Remove completely.
References: http://forum.joomla.org/index.php/topic,79062.0.html
Full Name: MosMedia
Short Name: com_mosmedia
Version: <= 1.0.8
Fix: Temporary Fix Available. See this thread for details.
References: http://forum.joomla.org/index.php/topic,78533.0.html
Full Name: MoSpray
Short Name: com_mospray
Version: <= 1.8 RC1
Fix: Abandoned. Remove completely.
References: http://forum.joomla.org/index.php/topic,76331.0.html
Full Name: Mos Tree
Short Name: com_mtree
Version: <= 1.5.8
Fix: Upgrade to version 1.5.9. Download it here.
References: http://forum.joomla.org/index.php/topic,78298.0.html
Full Name: Multibanners
Short Name: com_multibanners *Note: Not the same as the Multibanners Module.*
Version: All Versions.
Fix: Abandoned. Remove completely.
References: http://secunia.com/advisories/21168/
http://forum.joomla.org/index.php/topic,77977.0.html
Full Name: OpenSEF
Short Name: com_sef
Version: <= 2.0.0 RC5 Unpatched
Fix: Patch Available. Download it here.
References: http://forum.joomla.org/index.php/topic,77301.0.html
Full Name: PC Cook Book
Short Name: com_pccookbook
Version: <= 1.3.1
Fix: No Fix Available. Please disable or remove this component until a fix can be made available.
References: http://www.frsirt.com/english/advisories/2006/2739
http://forum.joomla.org/index.php/topic,76009.0.html
Full Name: People Book
Short Name: com_peoplebook
Version: <= 1.1.5
Fix: Upgrade to version 1.1.6. Download it here.
References: http://forge.joomla.org/sf/go/artf5410?nav=1
Full Name: Prince Clan Chess
Short Name: com_pcchess
Version: <= 0.8
Fix: Abandoned. Remove completely.
Full Name: Per Forms
Short Name: com_performs
Version: <= v1_beta
Fix: Upgrade to version v2_beta. Download it here.
References: http://secunia.com/advisories/21044/
http://forum.joomla.org/index.php/topic,76654.0.html
http://forum.joomla.org/index.php/topic,76862.0.html
Full Name: PollXT
Short Name: com_pollxt
Version: <= 1.22.07
Fix: Upgrade to version 1.22.08. Download it here.
References: http://secunia.com/advisories/21068/
http://forum.joomla.org/index.php/topic,77975.0.html
Full Name: RS Gallery2
Short Name: com_rsgallery2
Version: <= 1.11.3
Fix: Upgrade to version 1.11.4. Download it here.
References: http://forum.joomla.org/index.php/topic,73453.0.html
Full Name: Security Images
Short Name: com_securityimages
Version: <= 3.0.5
Fix: Upgrade to version 3.0.6. Download it here.
References: http://secunia.com/advisories/21260/
http://forum.joomla.org/index.php/topic,81589.0.html
Full Name: SimpleBoard
Short Name: com_simpleboard
Version: All Versions.
Fix: Upgrade to JoomlaBoard 1.1.2. JoomlaBoard is compatible with SimpleBoard. Download it here.
References: http://secunia.com/advisories/20981/
http://secunia.com/advisories/20409/
http://forum.joomla.org/index.php/topic,75668.0.html
Full Name: Site Map
Short Name: com_sitemap
Version: All Versions.
Fix: Abandoned. Remove completely.
References: http://secunia.com/advisories/21055/
http://forum.joomla.org/index.php/topic,76326.0.html
Full Name: SMF Bridge
Short Name: com_smf
Version: <= 1.1.4
Fix: For SMF version 1.1RC2 only. Upgrade available. See this thread.
References: http://secunia.com/advisories/21079/
http://www.simplemachines.org/community/index.php?topic=100140.0
http://forum.joomla.org/index.php/topic,78313.0.html
http://forum.joomla.org/index.php/topic,77716.0.html
http://forum.joomla.org/index.php/topic,78359.0.html
http://forum.joomla.org/index.php/topic,76609.0.html
Full Name: User Home Pages 1 and 2
Short Name: com_uhp and com_uhp2
Version: <= 1.1.1 (?)
Fix: Upgrade to 1.1.2. Download it here.
References: http://forum.joomla.org/index.php/topic,81308.msg416865.html#msg416865
http://secunia.com/advisories/21305/