Sidebar

English (UK)

Joomla! Security News

  1. [20140904] - Core - Denial of Service

    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
    • Exploit type: Denial of Service
    • Reported Date: 2014-September-24
    • Fixed Date: 2014-September-30
    • CVE Number: CVE-2014-7229

    Description

    Inadequate checking allowed the potential for a denial of service attack.

    Affected Installs

    Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4

    Solution

    Upgrade to version 2.5.26, 3.2.6, or 3.3.5

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: Johannes Dahse

  2. [20140903] - Core - Remote File Inclusion

    • Project: Joomla!
    • SubProject: CMS
    • Severity: Moderate
    • Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
    • Exploit type: Remote File Inclusion
    • Reported Date: 2014-September-24
    • Fixed Date: 2014-September-30
    • CVE Number: CVE-2014-7228

    Description

    Inadequate checking allowed the potential for remote files to be executed.

    Affected Installs

    Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4

    Solution

    Upgrade to version 2.5.26, 3.2.6, or 3.3.5

    Additional Details

    Please refer to AkeebaBackup.com for additional details.

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: Johannes Dahse

  3. [20140902] - Core - Unauthorised Logins

    • Project: Joomla!
    • SubProject: CMS
    • Severity: Moderate
    • Versions: 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3
    • Exploit type: Unauthorised Logins
    • Reported Date: 2014-September-09
    • Fixed Date: 2014-September-23
    • CVE Number: CVE-2014-6632

    Description

    Inadequate checking allowed unauthorised logins via LDAP authentication.

    Affected Installs

    Joomla! CMS versions 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3

    Solution

    Upgrade to version 2.5.25, 3.2.5, or 3.3.4

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: Matthew Daley

  4. [20140901] - Core - XSS Vulnerability

    • Project: Joomla!
    • SubProject: CMS
    • Severity: Moderate
    • Versions: 3.2.0 through 3.2.4, 3.3.0 through 3.3.3
    • Exploit type: XSS Vulnerability
    • Reported Date: 2014-August-27
    • Fixed Date: 2014-September-23
    • CVE Number: CVE-2014-6631

    Description

    Inadequate escaping leads to XSS vulnerability in com_media.

    Affected Installs

    Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through 3.3.3

    Solution

    Upgrade to version 3.2.5 or 3.3.4

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: Dingjie (Daniel) Yang

  5. [20140301] - Core - SQL Injection

    • Project: Joomla!
    • SubProject: CMS
    • Severity: High
    • Versions: 3.1.0 through 3.2.2
    • Exploit type: SQL Injection
    • Reported Date: 2014-February-06
    • Fixed Date: 2014-March-06
    • CVE Number: Pending

    Description

    Inadequate escaping leads to SQL injection vulnerability.

    Affected Installs

    Joomla! CMS versions 3.1.0 through 3.2.2

    Solution

    Upgrade to version 3.2.3

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: ??

Archived Articles

Who's Online

We have 16 guests and no members online

Latest News