News Feed Category

Vietnamese English

Joomla! Security News

    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 3.7.0 through 3.7.5
    • Exploit type: Information Disclosure
    • Reported Date: 2017-August-4
    • Fixed Date: 2017-September-19
    • CVE Number: CVE-2017-14595

    Description

    A logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.

    Affected Installs

    Joomla! CMS versions 3.7.0 through 3.7.5

    Solution

    Upgrade to version 3.8.0

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Michal Prochaczek
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Medium
    • Versions: 1.5.0 through 3.7.5
    • Exploit type: Information Disclosure
    • Reported Date: 2017-July-27
    • Fixed Date: 2017-September-19
    • CVE Number: CVE-2017-14596

    Description

    Inadequate escaping in the LDAP authentication plugin can result into a disclosure of username and password.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.7.5

    Solution

    Upgrade to version 3.8.0

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Dr. Johannes Dahse, RIPS Technologies GmbH
    • Project: Joomla!
    • SubProject: CMS Installer
    • Severity: High
    • Versions: 1.0.0 through 3.7.3
    • Exploit type: Lack of Ownership Verification
    • Reported Date: 2017-Apr-06
    • Fixed Date: 2017-July-25
    • CVE Number: CVE-2017-11364

    Description

    The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control.

    Please note: Already installed sites are not affected, as this issue is limited to the installer application!

    Affected Installs

    Joomla! CMS versions 1.0.0 through 3.7.3

    Solution

    Upgrade to version 3.7.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hanno Böck
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 1.5.0 through 3.7.3
    • Exploit type: XSS
    • Reported Date: 2017-April-26
    • Fixed Date: 2017-July-25
    • CVE Number: CVE-2017-11612

    Description

    Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.7.3

    Solution

    Upgrade to version 3.7.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Beat B, JSST
    • Project: Joomla!
    • SubProject: CMS
    • Severity: High
    • Versions: 1.7.3 - 3.7.2
    • Exploit type: Information Disclosure
    • Reported Date: 2016-Feb-05
    • Fixed Date: 2017-July-04
    • CVE Number: CVE-2017-9933

    Description

    Improper cache invalidation leads to disclosure of form contents.

    Affected Installs

    Joomla! CMS versions 1.7.3-3.7.2

    Solution

    Upgrade to version 3.7.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Jeff Channell

GIỚI THIỆU

20160804 125944Chúng tôi tạo ra các sản phẩm đồng bộ, đảm bảo về mặt chất lượng, giá thành hợp lý ...

  Đọc Thêm  

DỊCH VỤ

20160804 130026ECO chuyên cung cấp vật tư, thiết bị cho Tổng điện lực và các điện lực trực thuộc và các nhà máy xí nghiệp công nghiệp...

Đọc Thêm  

TUYỂN DỤNG

20160804 130121Khám phá cơ hội hợp tác với các tập đoàn xuyên quốc gia ,

các đối tác nước ngoài lớn có uy tín...

 Đọc Thêm 

ke1

Partners

doitac


213
          SIGN UP FOR EMAIL                       

 

Please publish modules in offcanvas position.