Home News Feeds Joomla! Security News
Newsfeeds
Security


  • [20140901] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Moderate
    • Versions: 3.2.0 through 3.2.4, 3.3.0 through 3.3.3
    • Exploit type: XSS Vulnerability
    • Reported Date: 2014-August-27
    • Fixed Date: 2014-September-23
    • CVE Number: CVE-2014-6631

    Description

    Inadequate escaping leads to XSS vulnerability in com_media.

    Affected Installs

    Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through 3.3.3

    Solution

    Upgrade to version 3.2.5 or 3.3.4

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: Dingjie (Daniel) Yang


  • [20140902] - Core - Unauthorised Logins
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Moderate
    • Versions: 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3
    • Exploit type: Unauthorised Logins
    • Reported Date: 2014-September-09
    • Fixed Date: 2014-September-23
    • CVE Number: CVE-2014-6632

    Description

    Inadequate checking allowed unauthorised logins via LDAP authentication.

    Affected Installs

    Joomla! CMS versions 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3

    Solution

    Upgrade to version 2.5.25, 3.2.5, or 3.3.4

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: Matthew Daley


  • [20140304] - Core - Unauthorised Logins
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Moderate
    • Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
    • Exploit type: Unauthorised Logins
    • Reported Date: 2014-February-21
    • Fixed Date: 2014-March-06
    • CVE Number: Pending

    Description

    Inadequate checking allowed unauthorised logins via GMail authentication.

    Affected Installs

    Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions

    Solution

    Upgrade to version 2.5.19 or 3.2.3

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: Stefania Gaianigo


  • [20140302] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Moderate
    • Versions: 3.1.2 through 3.2.2
    • Exploit type: XSS Vulnerability
    • Reported Date: 2014-March-04
    • Fixed Date: 2014-March-06
    • CVE Number: Pending

    Description

    Inadequate escaping leads to XSS vulnerability in com_contact.

    Affected Installs

    Joomla! CMS versions 3.1.2 through 3.2.2

    Solution

    Upgrade to version 3.2.3

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: ??


  • [20140301] - Core - SQL Injection
    • Project: Joomla!
    • SubProject: CMS
    • Severity: High
    • Versions: 3.1.0 through 3.2.2
    • Exploit type: SQL Injection
    • Reported Date: 2014-February-06
    • Fixed Date: 2014-March-06
    • CVE Number: Pending

    Description

    Inadequate escaping leads to SQL injection vulnerability.

    Affected Installs

    Joomla! CMS versions 3.1.0 through 3.2.2

    Solution

    Upgrade to version 3.2.3

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: ??
Banner
Copyright © 2024 mypage. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.