Archive for August 26th, 2018

5 results.

Ubuntu 3752-2: Linux kernel (HWE) vulnerabilities

Aug26
by Ike on August 26, 2018 at 5:36 pm
Posted In: Uncategorized

(Aug 24) Several security issues were fixed in the Linux kernel.

 Comment 

Ubuntu 3753-1: Linux kernel vulnerabilities

Aug26
by Ike on August 26, 2018 at 5:36 pm
Posted In: Uncategorized

(Aug 24) Several security issues were fixed in the Linux kernel.

 Comment 

[20180803] – Core – ACL Violation in custom fields

Aug26
by Ike on August 26, 2018 at 1:45 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 3.7.0 through 3.8.11
  • Exploit type: ACL Violation
  • Reported Date: 2018-July-10
  • Fixed Date: 2018-August-28
  • CVE Number: CVE-2018-15881

Description

Inadequate checks regarding disabled fields can lead to an ACL violation.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.8.11

Solution

Upgrade to version 3.8.12

Contact

The JSST at the Joomla! Security Centre.

Reported By: Elisa Foltyn, COOLCAT CREATIONS

 Comment 

[20180802] – Core – Stored XSS vulnerability in the frontend profile

Aug26
by Ike on August 26, 2018 at 1:45 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 1.5.0 through 3.8.11
  • Exploit type: XSS
  • Reported Date: 2018-July-10
  • Fixed Date: 2018-August-28
  • CVE Number: CVE-2018-15880

Description

Inadequate output filtering on the user profile page could lead to a stored XSS attack.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.11

Solution

Upgrade to version 3.8.12

Contact

The JSST at the Joomla! Security Centre.

Reported By: Roland Dalmulder, Perfect Web Team

 Comment 

[20180801] – Core – Hardening the InputFilter for PHAR stubs

Aug26
by Ike on August 26, 2018 at 1:45 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Impact: High
  • Severity: Low
  • Versions: 1.5.0 through 3.8.11
  • Exploit type: Malicious file upload
  • Reported Date: 2018-August-23
  • Fixed Date: 2018-August-28
  • CVE Number: CVE-2018-15882

Description

Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.11

Solution

Upgrade to version 3.8.12

Contact

The JSST at the Joomla! Security Centre.

Reported By: Davide Tampellini

 Comment 

59 queries. 8.5 mb Memory usage. 1.330 seconds.