- Detalji os-a: MAC, LDE, FED, FBS, LGE, LMV, LRH, LSU, LUB, W03, W08, WN7, VIS, WXP
- Važnost: IMP
- Operativni sustavi: O
- Kategorije: APL, LDE, LFE, FBS, LGE, HPQ, LMV, LRH, LSU, ALL, LUB, W03, W08, W12, WN7, WN8, VIS, WXP
Security
///////////////////////////////////////////
[20140301] – Core – SQL Injection
Posted: 06 Mar 2014 12:30 PM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/xcttKR2_t_4/578-20140301-core-sql-injection.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: High
Versions: 3.1.0 through 3.2.2
Exploit type: SQL Injection
Reported Date: 2014-February-06
Fixed Date: 2014-March-06
CVE Number: Pending
Description
Inadequate escaping leads to SQL injection vulnerability.
Affected Installs
Joomla! CMS versions 3.1.0 through 3.2.2
Solution
Upgrade to version 3.2.3
Contact
The JSST at the Joomla! Security Center.
Reported By: ??
///////////////////////////////////////////
[20140302] – Core – XSS Vulnerability
Posted: 06 Mar 2014 12:30 PM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/-FMP5B4UydI/579-20140302-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 3.1.2 through 3.2.2
Exploit type: XSS Vulnerability
Reported Date: 2014-March-04
Fixed Date: 2014-March-06
CVE Number: Pending
Description
Inadequate escaping leads to XSS vulnerability in com_contact.
Affected Installs
Joomla! CMS versions 3.1.2 through 3.2.2
Solution
Upgrade to version 3.2.3
Contact
The JSST at the Joomla! Security Center.
Reported By: ??
///////////////////////////////////////////
[20140303] – Core – XSS Vulnerability
Posted: 06 Mar 2014 12:30 PM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/3SC6NBuk13g/580-20140303-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Exploit type: XSS Vulnerability
Reported Date: 2014-March-05
Fixed Date: 2014-March-06
CVE Number: Pending
Description
Inadequate escaping leads to XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier
3.x versions
Solution
Upgrade to version 2.5.19 or 3.2.3
Contact
The JSST at the Joomla! Security Center.
Reported By: JSST
///////////////////////////////////////////
[20140304] – Core – Unauthorised Logins
Posted: 06 Mar 2014 12:30 PM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/oiSyKvvYgXA/581-20140304-core-unauthorised-logins.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Exploit type: Unauthorised Logins
Reported Date: 2014-February-21
Fixed Date: 2014-March-06
CVE Number: Pending
Description
Inadequate checking allowed unauthorised logins via GMail authentication.
Affected Installs
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier
3.x versions
Solution
Upgrade to version 2.5.19 or 3.2.3
Contact
The JSST at the Joomla! Security Center.
Reported By: Stefania Gaianigo
—
You are subscribed to email updates from “Security.”
| Autor | Tomislav Protega |
| Cert id | NCERT-REF-2014-03-0032-ADV |
| ID izvornika | 20140301 20140302 20140303 20140304 |
| Proizvod | Joomla! |
| Izvor | http://www.joomla.org/ |
