  • [20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor

    Security Announcements May 8, 2019 | 02:00 am

    Project: Joomla!
    SubProject: CMS
    Impact: Low
    Severity: Low
    Versions: 3.9.3 through 3.9.5
    Exploit type: Object Injection
    Reported Date: 2019-March-27
    Fixed Date: 2019-May-07
    Description: In Joomla 3.9.3, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the Joomla core. In order[…]

  • [20190501] - Core - XSS in com_users ACL debug views

    Security Announcements May 7, 2019 | 17:00 pm

    Project: Joomla!
    SubProject: CMS
    Impact: Moderate
    Severity: Low
    Versions: 1.7.0 through 3.9.5
    Exploit type: XSS
    Reported Date: 2019-April-29
    Fixed Date: 2019-May-07
    CVE Number: CVE-2019-11809
    Description: The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
    Affected Installs: Joomla! CMS versions 1.7.0 through[…]

  • [20190401] - Core - Directory Traversal in com_media

    Security Announcements Apr 9, 2019 | 17:00 pm

    Project: Joomla!
    SubProject: CMS
    Impact: Moderate
    Severity: Low
    Versions: 1.5.0 through 3.9.4
    Exploit type: Directory Traversal
    Reported Date: 2019-March-13
    Fixed Date: 2019-April-08
    CVE Number: CVE-2019-10945
    Description: The Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory.
    Affected Installs: Joomla! CMS versions 1.5.0[…]

  • [20190301] - Core - XSS in com_config JSON handler

    Security Announcements Mar 12, 2019 | 16:00 pm

    Project: Joomla!
    SubProject: CMS
    Impact: Low
    Severity: Low
    Versions: 3.2.0 through 3.9.3
    Exploit type: XSS
    Reported Date: 2019-March-04
    Fixed Date: 2019-March-12
    CVE Number: CVE-2019-9712
    Description: The JSON handler in com_config lacks input validation, leading to XSS vulnerability.
    Affected Installs: Joomla! CMS versions 3.2.0 through 3.9.3
    Solution: Upgrade to version 3.9.4
    Contact: The JSST at the Joomla![…]

  • [20190206] - Core - Implement the TYPO3 PHAR stream wrapper

    Security Announcements Feb 12, 2019 | 16:00 pm

    Project: Joomla!
    SubProject: CMS
    Impact: Low
    Severity: Low
    Versions: 2.5.0 through 3.9.2
    Exploit type: Object Injection
    Reported Date: 2019-January-18
    Fixed Date: 2019-February-12
    CVE Number: CVE-2019-7743
    Description: The phar:// stream wrapper can be used for object injection attacks. We now disallow usage of the phar:// handler for non .phar-files within the[…]


 

 
