joi, 13 ianuarie 2011

Ultimele vulnerabilități Joomla

O listă cu ultimele vulnerabilități descoperite în Joomla. Administrația sitewebgratis.com recomandă actualizarea motorului Joomla până la ultima versiune stabilă (1.5.22 în momentul de față).
Pentru a vedea versiunea instalării de Joomla, accesați fișierul CHANGELOG.php din directoriul site-ului, sau căutați în partea dreaptă sus în panoul de administrare.
Mai devreme am publicat un ghid despre instalare Joomla.

====

Joomla! Security News


Posted: 04 Nov 2010 09:04 AM PDT
  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 1.5.21 and all previous 1.5 releases
  • Exploit type: SQL Injection - Information Disclosure
  • Reported Date: 2010-October-05
  • Fixed Date: 2010-November-04

Description

Inadequate filtering of request variables causes database errors.

Affected Installs

All 1.5.x installs prior to and including 1.5.21 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.22 or later)
Reported by YGN Ethical Hacker Group

Contact

The JSST at the Joomla! Security Center.
Posted: 08 Oct 2010 09:04 AM PDT
  • Project: Joomla!
  • SubProject: All
  • Severity: Medium
  • Versions: 1.5.20 and all previous 1.5 releases
  • Exploit type: XSS Injection
  • Reported Date: 2010-October-05
  • Fixed Date: 2010-October-08

Description

Inadequate filtering of multiple encoded entities permits XSS attacks in some circumstances.

Affected Installs

All 1.5.x installs prior to and including 1.5.20 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.21 or later)
Reported by YGN Ethical Hacker Group

Contact

The JSST at the Joomla! Security Center.
Posted: 15 Jul 2010 09:04 AM PDT
  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 1.5.19 and all previous 1.5 releases
  • Exploit type: Internal Path Exposure
  • Reported Date: 2010-June-10
  • Fixed Date: 2010-July-15

Description

Back-end user can create MySQL error which shows internal path information in the error message.

Affected Installs

All 1.5.x installs prior to and including 1.5.19 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.20 or later)
Reported by Andy Gorges

Contact

The JSST at the Joomla! Security Center.
Posted: 15 Jul 2010 09:04 AM PDT
  • Project: Joomla!
  • SubProject: All
  • Severity: Medium
  • Versions: 1.5.19 and all previous 1.5 releases
  • Exploit type: XSS Injection
  • Reported Date: 2010-June-8
  • Fixed Date: 2010-July-15

Description

Back-end user can inject Javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.19 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.20 or later)
Reported by José Antonio Vázquez González

Contact

The JSST at the Joomla! Security Center.
Posted: 15 Jul 2010 09:04 AM PDT
  • Project: Joomla!
  • SubProject: All
  • Severity: Medium
  • Versions: 1.5.19 and all previous 1.5 releases
  • Exploit type: XSS Injection
  • Reported Date: 2010-June-8
  • Fixed Date: 2010-July-15

Description

Back-end user can inject Javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.19 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.20 or later)
Reported by José Antonio Vázquez González

Contact

The JSST at the Joomla! Security Center.
Posted: 15 Jul 2010 09:04 AM PDT
  • Project: Joomla!
  • SubProject: All
  • Severity: Medium
  • Versions: 1.5.19 and all previous 1.5 releases
  • Exploit type: XSS Injection
  • Reported Date: 2010-June-1
  • Fixed Date: 2010-July-15

Description

Back-end user can inject Javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.19 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.20 or later)
Reported by Mesut Timur.

Contact

The JSST at the Joomla! Security Center.
Posted: 27 May 2010 05:00 PM PDT
  • Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 1.5.17 and all previous 1.5 releases
  • Exploit type: XSS Injection
  • Reported Date: 2010-May-13
  • Fixed Date: 2010-May-28

Description

Back-end user can inject javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.17 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.18 or later)
Reported by Riyaz Ahemed

Contact

The JSST at the Joomla! Security Center.
Posted: 23 Apr 2010 10:31 AM PDT
  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 1.5.15 and all previous 1.5 releases
  • Exploit type: information Disclosure
  • Reported Date: 2010-Feb-21
  • Fixed Date: 2010-Apr-23

Description

If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system.

Affected Installs

All 1.5.x installs prior to and including 1.5.15 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.16 or later)
Reported by Security List

Contact

The JSST at the Joomla! Security Center.
Posted: 23 Apr 2010 10:27 AM PDT
  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 1.5.15 and all previous 1.5 releases
  • Exploit type: Code upload
  • Reported Date: 2009-Dec-30
  • Fixed Date: 2010-Apr-23

Description

The migration script in the Joomla! installer does not check the file type being uploaded. If the installation application is present, an attacker could use it to upload malicious files to a server.

Affected Installs

All 1.5.x installs prior to and including 1.5.15 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.16 or later)
Reported by Nicola Bettini

Contact

The JSST at the Joomla! Security Center.
Publicat de Sergiu la 13:25
Etichete: ,

Niciun comentariu:

Trimiteți un comentariu

Abonați-vă la: Postare comentarii (Atom)