Joomla! Multiple Vulnerabilities

If you are using Joomla version 1.0.10 or earlier, it’s time to update again. According to many security advisories, it has vulnerabilities with high known and unknown impacts.


Some vulnerabilities have been reported in Joomla!, where some have unknown impacts, and others can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.

1) Some input validation errors exist in the “mosMail()” and “JosIsValidEmail()” functions.

2) An unspecified error exists in PEAR.php.

3) An unspecified error exists due to globals.php not being included in administrator/index.php.

4) Insufficient access control checks exist due to missing defined( '_VALID_MOS' ) checks and certain errors in the Admin “Upload Image”, Admin “Popups”, and “com_content” functionalities.

5) Certain unspecified errors in the “do_pdf” functionality and in the handling of the emailform com_content task can be exploited to bypass the user authentication process.

6) Some unspecified input passed via the Admin “Module Manager”, Admin “Help”, and Search functionalities isn’t properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Some other security related issues have also been reported.

The vulnerabilities have been reported in versions prior to 1.0.11.

The solution is to update it ASAP.
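
An audit for the missing defined( '_VALID_MOS' ) checks in item 4, as an added example that is not from the advisory or the Joomla project: it lists PHP files that neither define nor check the constant near the top of the file. The "or die"/"or exit" guard form, the define( '_VALID_MOS', 1 ) entry-point form and the sample tree are assumptions; files that use another guard form are reported for manual review.

```python
import re
import tempfile
from pathlib import Path

# Guard named in the advisory, in the assumed form: defined( '_VALID_MOS' ) or die( ... );
GUARD = re.compile(
    r"""defined\s*\(\s*['"]_VALID_MOS['"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b""", re.I)
# Entry points set the constant themselves (assumed form: define( '_VALID_MOS', 1 );).
ENTRY = re.compile(r"""\bdefine\s*\(\s*['"]_VALID_MOS['"]""", re.I)
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
HEAD_CHARS = 2048  # a guard only helps if it runs before any other code

def classify(source: str) -> str:
    """Return 'entry', 'guarded' or 'unguarded' for one PHP source string."""
    head = COMMENTS.sub("", source)[:HEAD_CHARS]  # a commented-out guard does not count
    if ENTRY.search(head):
        return "entry"
    return "guarded" if GUARD.search(head) else "unguarded"

def audit(root: Path) -> list[str]:
    """List PHP files under root that neither define nor check _VALID_MOS."""
    return [p.relative_to(root).as_posix() for p in sorted(root.rglob("*.php"))
            if classify(p.read_text(encoding="utf-8", errors="replace")) == "unguarded"]

# Constructed sample tree (hypothetical file names and contents, not Joomla's own files).
SAMPLES = {
    "index.php": "<?php\ndefine( '_VALID_MOS', 1 );\n",
    "components/com_example/example.php":
        "<?php\n/** header */\ndefined( '_VALID_MOS' ) or die( 'No direct access' );\n",
    "administrator/popups/example.php":
        "<?php\n// defined( '_VALID_MOS' ) or die();\necho 'popup';\n",
    "includes/example.inc.php": "<?php\nfunction helper() { return 1; }\n",
}

def demo() -> list[str]:
    """Write SAMPLES to a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLES.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return audit(Path(tmp))

if __name__ == "__main__":
    for rel in demo():
        print("missing _VALID_MOS check:", rel)
```

To check a real installation, call audit() with the path to the site root instead of running demo().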

New Version, New Server

I have moved my blog to a new server, and upgraded it to 2.0.4. I mistakenly moved the blog to a Windows server first, and had a problem with mod_rewrite, which is not available on Windows servers. I had to move it again to a Linux server. Upgrading WordPress is pretty painless.

Right now, it’s hard to add new content to my blog, as my 35-USD-a-month-and-so-called-128 kbps Internet connection at home is disconnected due to a late bill. Although the bill was paid yesterday, I’m still disconnected. It’s hard to compete with their services.

Perl Modules

Though I am not a big fan of Perl, I sometimes need to execute Perl scripts. Occasionally my Perl repository is missing some libraries like LWP::UserAgent. To install new Perl modules, I had to execute:

perl -MCPAN -e shell

The first time, I had to answer 10 to 20 configuration questions. Finally, I reached the cpan prompt, where I was able to enter:

cpan> install LWP::UserAgent

It’s as easy as installing PEAR modules for PHP.

Death of the Blog and Random Thoughts

I haven’t looked at this site for a long time. I also noticed there were no visitors, and I was starting to think my posts were not useful or of any assistance. And I’m smelling the death of the blog.

So what have I been doing lately? I did my jobs as usual. I did not touch my Gentoo box for two months. I played with CentOS and Fedora Core 5, but I don’t like them as much as I like Gentoo. I ordered my Athlon 64 CPU and motherboard bundle, and it has not arrived yet. It’s hard to decide what I should install on my new Athlon 64 box. Gentoo and Ubuntu have different tastes. I became a CIW Associate, and I’m going for CIW Security Analyst. The exams were not as hard as I first thought they would be. I can be a CIW Security Professional in the next 10 days.

I have to update this WordPress, as 2.0.6 was out 6 days ago. I’m going to move the blog to another server as well. There will be at least 24 hours for the transit to become stable. This time, my server’s control panel will be H-Sphere. H-Sphere CP is more complicated than the usual suspects, cPanel and Plesk. I still don’t know what DirectAdmin looks like.

During the last two months, I’ve learned that it’s very easy to lose money online. And you know what, all HYIPs and Auto-Surfs are Ponzis. I prefer Randomizers, MLMs and Cyclers. We can make a fair amount of money if we can control our greed when playing with those Ponzis.

Nowadays, it seems like Myanmar vocalists and bands are worried about music piracy. I wonder what they are thinking when they are trying to steal foreign music and software.

One last thing: I just went swimming today. It was my first swim in a pool in the last three years.