/*====== google reCaptcha ======*/
German Chinese (Traditional) Czech Danish English Filipino French Greek Hebrew Hindi Hungarian Irish Italian Japanese Korean Norwegian Persian Polish Portuguese Russian Spanish Swedish Thai Turkish

Bewertung: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive
  • [20190701] - Core - Filter attribute in subform fields allows remote code execution

    Security Announcements Jul 9, 2019 | 15:00 pm

    Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.9.7 - 3.9.8Exploit type: Remote Code ExecutionReported Date: 2019-June-20Fixed Date: 2019-July-09CVE Number: TBADescriptionInadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.Affected InstallsJoomla! CMS versions 3.9.7[…]

  • [20190601] - Core - CSV injection in com_actionlogs

    Security Announcements Jun 11, 2019 | 02:00 am

    Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.9.0 through 3.9.6Exploit type: CSV InjectionReported Date: 2019-April-29Fixed Date: 2019-June-11CVE Number: CVE-2019-12765DescriptionThe CSV export of com_actionslogs is vulnerable to CSV injection.Affected InstallsJoomla! CMS versions 3.9.0 through 3.9.6SolutionUpgrade to version 3.9.7ContactThe JSST at the Joomla! Security[…]

  • [20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor

    Security Announcements May 8, 2019 | 02:00 am

    Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.9.3 through 3.9.5Exploit type: Object InjectionReported Date: 2019-March-27Fixed Date: 2019-May-07DescriptionIn Joomla 3.9.3, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the Joomla core. In order[…]

  • [20190501] - Core - XSS in com_users ACL debug views

    Security Announcements May 7, 2019 | 17:00 pm

    Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 1.7.0 through 3.9.5Exploit type: XSSReported Date: 2019-April-29Fixed Date: 2019-May-07CVE Number: CVE-2019-11809DescriptionThe debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.Affected InstallsJoomla! CMS versions 1.7.0 through[…]

  • [20190401] - Core - Directory Traversal in com_media

    Security Announcements Apr 9, 2019 | 17:00 pm

    Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 1.5.0 through 3.9.4Exploit type: Directory TraversalReported Date: 2019-March-13Fixed Date: 2019-April-08CVE Number: CVE-2019-10945DescriptionThe Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory.Affected InstallsJoomla! CMS versions 1.5.0[…]

  • [20190304] - Core - Missing ACL check in sample data plugins

    Security Announcements Mar 12, 2019 | 16:00 pm

    Project: Joomla!SubProject: CMSImpact: ModerateSeverity: HighVersions: 3.8.0 through 3.9.3Exploit type: XSSReported Date: 2019-February-28Fixed Date: 2019-March-12CVE Number: CVE-2019-9713DescriptionThe sample data plugins lack ACL checks, allowing unauthorized access.Affected InstallsJoomla! CMS versions 3.8.0 through 3.9.3SolutionUpgrade to version 3.9.4ContactThe JSST at the Joomla! Security Centre.Reported[…]




Beitrag teilen

Submit to DeliciousSubmit to DiggSubmit to FacebookSubmit to Google PlusSubmit to StumbleuponSubmit to TechnoratiSubmit to TwitterSubmit to LinkedIn


Go to top