Percorso

Security Announcements

  1. [20171103] - Core - Information Disclosure
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 3.7.0 through 3.8.1
    • Exploit type: Information Disclosure
    • Reported Date: 2017-May-17
    • Fixed Date: 2017-November-07
    • CVE Number: CVE-2017-16633

    Description

    A logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.

    Affected Installs

    Joomla! CMS versions 3.7.0 through 3.8.1

    Solution

    Upgrade to version 3.8.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Internal JSST audit
  2. [20171102] - Core - 2-factor-authentication bypass
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Medium
    • Versions: 3.2.0 through 3.8.1
    • Exploit type: 
    • Reported Date: 2017-October-31
    • Fixed Date: 2017-November-07
    • CVE Number: CVE-2017-16634

    Description

    A bug allowed third parties to bypass a user's 2-factor-authentication method.

    Affected Installs

    Joomla! CMS versions 3.2.0 through 3.8.1

    Solution

    Upgrade to version 3.8.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Yarince
  3. [20171101] - Core - LDAP Information Disclosure
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Medium
    • Versions: 1.5.0 through 3.8.1
    • Exploit type: Information Disclosure
    • Reported Date: 2017-October-06
    • Fixed Date: 2017-November-07
    • CVE Number: CVE-2017-14596

    Description

    Inadequate escaping in the LDAP authentication plugin can result in disclosure of username and password.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.8.1

    Solution

    Upgrade to version 3.8.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Dr. Johannes Dahse, RIPS Technologies GmbH
  4. [20170901] - Core - Information Disclosure
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 3.7.0 through 3.7.5
    • Exploit type: Information Disclosure
    • Reported Date: 2017-August-4
    • Fixed Date: 2017-September-19
    • CVE Number: CVE-2017-14595

    Description

    A logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.

    Affected Installs

    Joomla! CMS versions 3.7.0 through 3.7.5

    Solution

    Upgrade to version 3.8.0

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Michal Prochaczek
  5. [20170902] - Core - LDAP Information Disclosure
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Medium
    • Versions: 1.5.0 through 3.7.5
    • Exploit type: Information Disclosure
    • Reported Date: 2017-July-27
    • Fixed Date: 2017-September-19
    • CVE Number: CVE-2017-14596

    Description

    Inadequate escaping in the LDAP authentication plugin can result into a disclosure of username and password.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.7.5

    Solution

    Upgrade to version 3.8.0

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Dr. Johannes Dahse, RIPS Technologies GmbH
Documento senza titolo
Questo sito è a consultazione gratuita, finanziato esclusivamente dall’autore, privo di sponsor e non contiene pubblicità a pagamento.
Le informazioni presenti nel sito devono servire a migliorare, e non a sostituire, il rapporto medico-paziente.
Se hai problemi di salute, rivolgiti il prima possibile al tuo medico di fiducia.

powered by ©
Farmalem è un portale di servizio della salute e in tale ambito si pone l'obiettivo di rendere facilmente accessibili dati e notizie grazie ad una struttura chiara e semplice.
L’Autore di questo sito e Farmalem hanno un rapporto di consulenza gratuita fondato su anni di collaborazione medico-scientifica.
Copyright © Farmalem 2011 | All rights Reserved

 

Informativa

Questo sito o gli strumenti terzi da questo utilizzati si avvalgono di cookie necessari al funzionamento ed utili alle finalità illustrate nella cookie policy. Se vuoi saperne di più o negare il consenso a tutti o ad alcuni cookie, consulta la cookie policy.
Chiudendo questo banner, scorrendo questa pagina, cliccando su un link o proseguendo la navigazione in altra maniera, acconsenti all’uso dei cookie.