> Joomla! Security News
NickTheGreek
post 26 Apr 2015, 06:13 PM
Post #1





Joomla! Security News






[20140904] - Core - Denial of Service



Posted: 30 Sep 2014 12:00 PM PDT
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
  • Exploit type: Denial of Service
  • Reported Date: 2014-September-24
  • Fixed Date: 2014-September-30
  • CVE Number: CVE-2014-7229
Description


Inadequate checking allowed the potential for a denial of service attack.


Affected Installs


Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4


Solution


Upgrade to version 2.5.26, 3.2.6, or 3.3.5


Contact


The JSST at the Joomla! Security Center.
Reported By: Johannes Dahse







[20140903] - Core - Remote File Inclusion



Posted: 30 Sep 2014 12:00 PM PDT
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
  • Exploit type: Remote File Inclusion
  • Reported Date: 2014-September-24
  • Fixed Date: 2014-September-30
  • CVE Number: CVE-2014-7228
Description


Inadequate checking allowed the potential for remote files to be executed.


Affected Installs


Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4


Solution


Upgrade to version 2.5.26, 3.2.6, or 3.3.5


Additional Details


Please refer to AkeebaBackup.com for additional details.


Contact


The JSST at the Joomla! Security Center.
Reported By: Johannes Dahse







[20140902] - Core - Unauthorised Logins



Posted: 23 Sep 2014 12:00 PM PDT
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3
  • Exploit type: Unauthorised Logins
  • Reported Date: 2014-September-09
  • Fixed Date: 2014-September-23
  • CVE Number: CVE-2014-6632
Description


Inadequate checking allowed unauthorised logins via LDAP authentication.


Affected Installs


Joomla! CMS versions 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3


Solution


Upgrade to version 2.5.25, 3.2.5, or 3.3.4


Contact


The JSST at the Joomla! Security Center.
Reported By: Matthew Daley







[20140901] - Core - XSS Vulnerability



Posted: 23 Sep 2014 12:00 PM PDT
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 3.2.0 through 3.2.4, 3.3.0 through 3.3.3
  • Exploit type: XSS Vulnerability
  • Reported Date: 2014-August-27
  • Fixed Date: 2014-September-23
  • CVE Number: CVE-2014-6631
Description


Inadequate escaping leads to XSS vulnerability in com_media.


Affected Installs


Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through 3.3.3


Solution


Upgrade to version 3.2.5 or 3.3.4


Contact


The JSST at the Joomla! Security Center.
Reported By: Dingjie (Daniel) Yang







[20140301] - Core - SQL Injection



Posted: 06 Mar 2014 12:30 PM PST
  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 3.1.0 through 3.2.2
  • Exploit type: SQL Injection
  • Reported Date: 2014-February-06
  • Fixed Date: 2014-March-06
  • CVE Number: Pending
Description


Inadequate escaping leads to SQL injection vulnerability.


Affected Installs


Joomla! CMS versions 3.1.0 through 3.2.2


Solution


Upgrade to version 3.2.3


Contact


The JSST at the Joomla! Security Center.
Reported By: ??








[20140302] - Core - XSS Vulnerability



Posted: 06 Mar 2014 12:30 PM PST
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 3.1.2 through 3.2.2
  • Exploit type: XSS Vulnerability
  • Reported Date: 2014-March-04
  • Fixed Date: 2014-March-06
  • CVE Number: Pending
Description


Inadequate escaping leads to XSS vulnerability in com_contact.


Affected Installs


Joomla! CMS versions 3.1.2 through 3.2.2


Solution


Upgrade to version 3.2.3


Contact


The JSST at the Joomla! Security Center.
Reported By: ??








[20140303] - Core - XSS Vulnerability



Posted: 06 Mar 2014 12:30 PM PST
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
  • Exploit type: XSS Vulnerability
  • Reported Date: 2014-March-05
  • Fixed Date: 2014-March-06
  • CVE Number: Pending
Description


Inadequate escaping leads to XSS vulnerability.


Affected Installs


Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions


Solution


Upgrade to version 2.5.19 or 3.2.3


Contact


The JSST at the Joomla! Security Center.
Reported By: JSST








[20140304] - Core - Unauthorised Logins



Posted: 06 Mar 2014 12:30 PM PST
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
  • Exploit type: Unauthorised Logins
  • Reported Date: 2014-February-21
  • Fixed Date: 2014-March-06
  • CVE Number: Pending
Description


Inadequate checking allowed unauthorised logins via GMail authentication.


Affected Installs


Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions


Solution


Upgrade to version 2.5.19 or 3.2.3


Contact


The JSST at the Joomla! Security Center.
Reported By: Stefania Gaianigo







[20131103] Core XSS Vulnerability



Posted: 06 Nov 2013 10:47 AM PST
  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-October-26
  • Fixed Date: 2013-November-06
  • CVE Number:
Description


Inadequate filtering leads to XSS vulnerability in com_contact.


Affected Installs


Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.


Solution


Upgrade to version 2.5.16, 3.1.6 or 3.2.


Contact


The JSST at the Joomla! Security Center.
Reported By: Osanda Malith Jayathissa







[20131102] Core XSS Vulnerability



Posted: 06 Nov 2013 10:47 AM PST
  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-October-06
  • Fixed Date: 2013-November-06
  • CVE Number:
Description


Inadequate filtering leads to XSS vulnerability in com_contact, com_weblinks, com_newsfeeds.


Affected Installs


Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.


Solution


Upgrade to version 2.5.16, 3.1.6 or 3.2.


Contact


The JSST at the Joomla! Security Center.
Reported By: Osanda Malith Jayathissa








[20131101] Core XSS Vulnerability



Posted: 06 Nov 2013 10:47 AM PST
  • Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-October-25
  • Fixed Date: 2013-November-06
  • CVE Number:
Description


Inadequate filtering leads to XSS vulnerability in com_contact.


Affected Installs


Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.


Solution


Upgrade to version 2.5.16, 3.1.6 or 3.2.


Contact


The JSST at the Joomla! Security Center.
Reported By: Osanda Malith Jayathissa


--------------------

c:\ When the going gets tough, the tough get going ...