Richeyweb.com site infected with fake jquery

Published: Wednesday, 06 July 2016

cross site scripting

richeyweb.com extension developer site infected with fake jquery script, malware displays intermittently. Site currently scans as clean.

the vel are not aware of any current reports of vulnerabilities in the extensions themselves...

Read more: Richeyweb.com site infected with fake jquery

Universal AJAX Live Search, 5.4.0, Other

Published: Friday, 24 June 2016

 

Universal AJAX Live Search 5.4.0, Other.Inadequate permissionsDeveloper states

Extension Update Details
Folders permissions vulnerability fixed.

UpdateNoticeURLhttp://universalajaxlivesearch.demo.offlajn.com/index.php/simple-theme/security-update...

Read more: Universal AJAX Live Search, 5.4.0, Other

SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9

Published: Friday, 03 June 2016

Stored XSS and SQL Injection in SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9 (possibly below)

resolution: update to version 2.8.10

update notice: https://securitycheck.protegetuordenador.com/index.php/downloads/securitycheck-j3x

 

 ...

Read more: SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9

chronoengines extensions

Published: Tuesday, 07 June 2016

chronoforms and other chronoengine extensions

developer's site was infected with malware, but is now reviewed as "safe" according to Google transparency report.

see https://www.google.com/transparencyreport/safebrowsing/diagnostic/?hl=en#url=chronoengine.com

The VEL do not know of any recent reports of vulnerabilities in the extensions themselves....

Read more: chronoengines extensions

mod fancy tag cloud,1.017,Other

Published: Saturday, 21 May 2016

mod fancy tag cloud (com_offlajn_installer),1.017,Other...

Read more: mod fancy tag cloud,1.017,Other