{"id":2349,"date":"2015-03-05T15:36:20","date_gmt":"2015-03-05T22:36:20","guid":{"rendered":"http:\/\/www.whitefirdesign.com\/blog\/?p=2349"},"modified":"2015-03-11T11:52:51","modified_gmt":"2015-03-11T17:52:51","slug":"mojo-marketplace-distributing-software-with-known-security-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2015\/03\/05\/mojo-marketplace-distributing-software-with-known-security-vulnerabilities\/","title":{"rendered":"MOJO Marketplace Distributing Software With Known Security Vulnerabilities"},"content":{"rendered":"<p>Last week we noted that web hosts\u00a0should stop providing the <a title=\"Note to Web Hosts: SimpleScripts is No Longer Being Updated\" href=\"http:\/\/www.whitefirdesign.com\/blog\/2015\/02\/27\/note-to-web-hosts-simplescripts-is-no-longer-being-updated\/\">SimpleScripts software installation service to their users since it hasn&#8217;t been supported for some time<\/a>, leaving people with outdated and insecure software on their websites. As part of that we noted that it looks like their service was replaced with the MOJO Marketplace. We decided to take a quick look at that service to see if they were keeping the software provided though it\u00a0up to date and the results show that they have some problems, though nowhere near as bad as\u00a0we\u00a0<a title=\"GoDaddy Distributing Software With Known Security Vulnerabilities\" href=\"http:\/\/www.whitefirdesign.com\/blog\/2014\/11\/13\/godaddy-distributing-software-with-known-security-vulnerabilities\/\">found with GoDaddy last November<\/a>.<\/p>\n<p>To start with, they are still offering Joomla 2.5, despite <a href=\"http:\/\/www.joomla.org\/announcements\/release-news\/5574-joomla-2-5-28-released.html\">support for that version\u00a0having ended in December<\/a>:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2353\" src=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/mojo-marketplace-joomla-version.png\" alt=\"MOJO Marketplace is providing Joomla 2.5.28\" width=\"500\" height=\"150\" srcset=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/mojo-marketplace-joomla-version.png 500w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/mojo-marketplace-joomla-version-300x90.png 300w\" sizes=\"auto, (max-width: 500px) 85vw, 500px\" \/><\/p>\n<p>Somewhat oddly they provide the latest version of Drupal 7, but they don&#8217;t provide\u00a0the latest version Drupal 6, despite those being <a href=\"https:\/\/www.drupal.org\/drupal-7.34\">released together in November<\/a>. That version of Drupal 6, 6.34, <a href=\"https:\/\/www.drupal.org\/drupal-7.34\">fixed a session hijacking vulnerability<\/a>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2352\" src=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/mojo-marketplace-drupal-version.png\" alt=\"MOJO Marketplace is providing Drupal 6.33\" width=\"500\" height=\"150\" srcset=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/mojo-marketplace-drupal-version.png 500w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/mojo-marketplace-drupal-version-300x90.png 300w\" sizes=\"auto, (max-width: 500px) 85vw, 500px\" \/><\/p>\n<p>For MediaWiki they have missed the last two updates to MediaWiki 1.23, both of which included multiple security updates. <a href=\"https:\/\/lists.wikimedia.org\/pipermail\/mediawiki-announce\/2014-November\/000170.html\">Version 1.23.7 was released in November<\/a> and <a href=\"https:\/\/lists.wikimedia.org\/pipermail\/mediawiki-announce\/2014-December\/000173.html\">1.23.8 was released in December<\/a>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2354\" src=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/mojo-marketplace-mediawiki-version.png\" alt=\"MOJO Marketplace is providing MediaWiki 1.23.6\" width=\"500\" height=\"150\" srcset=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/mojo-marketplace-mediawiki-version.png 500w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/mojo-marketplace-mediawiki-version-300x90.png 300w\" sizes=\"auto, (max-width: 500px) 85vw, 500px\" \/><\/p>\n<p>For Zen Cart they have missed version 1.5.3, which<a href=\"http:\/\/www.zen-cart.com\/showthread.php?213846-Zen-Cart-v1-5-3-Released!\"> includes security improvements and was released last July<\/a>, and 1.5.4, which <a href=\"http:\/\/www.zen-cart.com\/showthread.php?215684-Zen-Cart-v1-5-4-Released!\">was released at the end of last year<\/a>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2355\" src=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/mojo-marketplace-zen-cart-version.png\" alt=\"MOJO Marketplace is providing Zen Cart 1.5.1\" width=\"500\" height=\"150\" srcset=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/mojo-marketplace-zen-cart-version.png 500w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/mojo-marketplace-zen-cart-version-300x90.png 300w\" sizes=\"auto, (max-width: 500px) 85vw, 500px\" \/><\/p>\n<p>For concrete5\u00a0they have missed the last two updates to MediaWiki\u00a05.6,\u00a0both of which included multiple security updates.\u00a0<a href=\"http:\/\/www.concrete5.org\/about\/blog\/core-releases\/concrete5-5-7-0-1-and-5-6-3-2-now-available\/\">Version 5.6.3.2\u00a0was released in September<\/a>\u00a0and <a href=\"http:\/\/www.concrete5.org\/about\/blog\/core-releases\/concrete5-5-6-3-3-now-available\/\">5.6.3.3\u00a0was released in February<\/a>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2356\" src=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/mojo-marketplace-concrete5-version.png\" alt=\"MOJO Marketplace is providing concrete 5.6.3.1\" width=\"500\" height=\"150\" srcset=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/mojo-marketplace-concrete5-version.png 500w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/mojo-marketplace-concrete5-version-300x90.png 300w\" sizes=\"auto, (max-width: 500px) 85vw, 500px\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last week we noted that web hosts\u00a0should stop providing the SimpleScripts software installation service to their users since it hasn&#8217;t been supported for some time, leaving people with outdated and insecure software on their websites. As part of that we noted that it looks like their service was replaced with the MOJO Marketplace. We decided &hellip; <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2015\/03\/05\/mojo-marketplace-distributing-software-with-known-security-vulnerabilities\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;MOJO Marketplace Distributing Software With Known Security Vulnerabilities&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25,35],"tags":[41],"class_list":["post-2349","post","type-post","status-publish","format-standard","hentry","category-bad-security","category-outdated-web-software","tag-mojo-marketplace"],"_links":{"self":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2349","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/comments?post=2349"}],"version-history":[{"count":2,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2349\/revisions"}],"predecessor-version":[{"id":2360,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2349\/revisions\/2360"}],"wp:attachment":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/media?parent=2349"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/categories?post=2349"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/tags?post=2349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}