Archive for November, 2017

5 results.

Joomla 4.0 Alpha 1 Released for Testing

Nov17
by Ike on November 17, 2017 at 3:00 pm
Posted In: Uncategorized
joomla 4 alpha 1

The Joomla Project is pleased to announce the availability of Joomla 4.0 Alpha 1 for download.

 Comment 

Oracle Security Alert for CVE-2017-10269 – 13 November 2017

Nov14
by Ike on November 14, 2017 at 7:30 pm
Posted In: Uncategorized
 Comment 

[20171103] – Core – Information Disclosure

Nov07
by Ike on November 7, 2017 at 3:00 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.7.0 through 3.8.1
  • Exploit type: Information Disclosure
  • Reported Date: 2017-May-17
  • Fixed Date: 2017-November-07
  • CVE Number: CVE-2017-16633

Description

A logic bug in com_fields exposed read-only information about a site’s custom fields to unauthorized users.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.8.1

Solution

Upgrade to version 3.8.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Internal JSST audit

 Comment 

[20171102] – Core – 2-factor-authentication bypass

Nov07
by Ike on November 7, 2017 at 3:00 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Medium
  • Versions: 3.2.0 through 3.8.1
  • Exploit type: 
  • Reported Date: 2017-October-31
  • Fixed Date: 2017-November-07
  • CVE Number: CVE-2017-16634

Description

A bug allowed third parties to bypass a user’s 2-factor-authentication method.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.8.1

Solution

Upgrade to version 3.8.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Yarince

 Comment 

[20171101] – Core – LDAP Information Disclosure

Nov07
by Ike on November 7, 2017 at 3:00 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Medium
  • Versions: 1.5.0 through 3.8.1
  • Exploit type: Information Disclosure
  • Reported Date: 2017-October-06
  • Fixed Date: 2017-November-07
  • CVE Number: CVE-2017-14596

Description

Inadequate escaping in the LDAP authentication plugin can result in disclosure of username and password.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.1

Solution

Upgrade to version 3.8.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Dr. Johannes Dahse, RIPS Technologies GmbH

 Comment 

58 queries. 8.25 mb Memory usage. 0.435 seconds.