Security

///////////////////////////////////////////
[20140904] – Core – Denial of Service

Posted: 30 Sep 2014 12:00 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/MWxjsJYnk9U/596-20140904-core-denial-of-service.html?utm_source=feedburner&utm_medium=email

Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0
through 3.3.4
Exploit type: Denial of Service
Reported Date: 2014-September-24
Fixed Date: 2014-September-30
CVE Number: CVE-2014-7229

Description

Inadequate checking allowed the potential for a denial of service attack.
Affected Installs

Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions,
3.3.0 through 3.3.4
Solution

Upgrade to version 2.5.26, 3.2.6, or 3.3.5
Contact

The JSST at the Joomla! Security Center.
Reported By: Johannes Dahse

///////////////////////////////////////////
[20140903] – Core – Remote File Inclusion

Posted: 30 Sep 2014 12:00 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/NTyZcpJMN00/595-20140903-core-remote-file-inclusion.html?utm_source=feedburner&utm_medium=email

Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0
through 3.3.4
Exploit type: Remote File Inclusion
Reported Date: 2014-September-24
Fixed Date: 2014-September-30
CVE Number: CVE-2014-7228

Description

Inadequate checking allowed the potential for remote files to be executed.
Affected Installs

Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions,
3.3.0 through 3.3.4
Solution

Upgrade to version 2.5.26, 3.2.6, or 3.3.5
Additional Details

Please refer to AkeebaBackup.com for additional details.
Contact

The JSST at the Joomla! Security Center.
Reported By: Johannes Dahse

—
You are subscribed to email updates from “Security.”