Ike.ninja

• Project: Joomla!
• SubProject: CMS
• Impact: Low
• Severity: Low
• Versions: 3.1.2 through 3.8.7
• Exploit type: XSS
• Reported Date: 2018-March-30
• Fixed Date: 2018-May-22
• CVE Number: CVE-2018-11328

Description

Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in a XSS vulnerability.

Affected Installs

Joomla! CMS versions 3.1.2 through 3.8.7

Solution

Upgrade to version 3.8.8

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Versions: 3.7.0 through 3.8.7
• Exploit type: Remote Code Execution
• Reported Date: 2018-May-14
• Fixed Date: 2018-May-22
• CVE Number: CVE-2018-11321

Description

Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.8.7

Solution

Upgrade to version 3.8.8

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Impact: Low
• Severity: Low
• Versions: 3.0.0 through 3.8.7
• Exploit type: Information Disclosure
• Reported Date: 2018-February-09
• Fixed Date: 2018-May-22
• CVE Number: CVE-2018-11325

Description

The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and displays the plain text password for the administrator account at the confirmation screen.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.8.7

Solution

Upgrade to version 3.8.8

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Impact: High
• Severity: Low
• Versions: 2.5.0 through 3.8.7
• Exploit type: Malicious file upload
• Reported Date: 2018-March-14
• Fixed Date: 2018-May-22
• CVE Number: CVE-2018-11322

Description

Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.8.7

Solution

Upgrade to version 3.8.8

Contact

The JSST at the Joomla! Security Centre.

The post The Complete Guide to Your First Joomla! Installation from Plesk panel appeared first on Plesk.

(May 21) This updates contains various updates from the upstream glibc 2.27 release branch, including minor fixes for the `realpath` function and the i386 `memmove` implementation. Python helper scripts in the `glibc-benchtests` subpackage now use `/usr/bin/python3` as the script interpreter (RHBZ#1577223). Starting with this update, glibc will no longer re-exec systemd during glibc updates

(May 22) Several security issues were addressed in the Linux kernel.

(May 21) An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

The post Staging Environment Best Practices and How to Fix Yours appeared first on Plesk.

(May 17) An update for sensu is now available for Red Hat OpenStack Platform 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from

(May 19) Security update for CVE-2017-17723, CVE-2017-17725, CVE-2018-5772

(May 17) An update is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

(May 19) FIx bundled libraries listed in package. Documentation change only, no functional change.

(May 17) An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

(May 17) Hans Jerry Illikainen discovered a type conversion vulnerability in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.