Ike.ninja

WordPress 5.0 Beta 4 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the WordPress 5.0 Beta: try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”), or […]

To keep everyone aware of big projects and efforts across WordPress contributor teams, I’ve reached out to each team’s listed representatives. I asked each of them to share their Top Priority (and when they hope for it to be completed), as well as their biggest Wins and Worries. Have questions? I’ve included a link to […]

It’s a good day for the Joomla Project, as today we proudly announce the release of Joomla 3.9 – ‘The Privacy Tool Suite’ – marking the tenth minor release in the 3.x series.

WordPress 5.0 Beta 1 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version, and if you are using an existing test site be sure to update the Gutenberg plugin to v4.1. There are […]

Let’s say you need to find hosting for multiple web applications with cPanel backend access so clients cannot access each other’s backends. What can you do to create a secure hosting environment without paying for several different hosting accounts? Why not host it yourself?! Disclaimer: If you have one or two lightweight websites, this probably isn’t the most cost effective route to go, however, if you are currently paying to host several websites and have …

• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Versions: 1.5.0 through 3.8.12
• Exploit type: ACL Violation
• Reported Date: 2017-December-27
• Fixed Date: 2018-October-02
• CVE Number: CVE-2018-17855

Description

In case that an attacker gets access to the mail account of an user who can approve admin verifications in the registration process he can activate himself.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.12

Solution

Upgrade to version 3.8.13

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Impact: High
• Severity: Low
• Versions: 2.5.4 through 3.8.12
• Exploit type: Object Injection
• Reported Date: 2018-June-21
• Fixed Date: 2018-October-02
• CVE Number: CVE-2018-17856

Description

Joomla’s com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled access of Administrator-level users to access com_joomlaupdate and trigger a code execution.

Affected Installs

Joomla! CMS versions 2.5.4 through 3.8.12

Solution

Upgrade to version 3.8.13

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Versions: 2.5.0 through 3.8.12
• Exploit type: Incorrect Access Control
• Reported Date: 2018-September-17
• Fixed Date: 2018-October-02
• CVE Number: CVE-2018-17859

Description

Inadequate checks in com_contact could allowed mail submission in disabled forms.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.8.12

Solution

Upgrade to version 3.8.13

Contact

The JSST at the Joomla! Security Centre.

Today is the first day of the 2018 cPanel Conference. We’re in the middle of setting everything up right now, getting ready to open up conference check-in and registration, and anticipating tonight’s networking party at Chapman and Kirby. We’ve spent the last 12 months planning this year’s conference, and we are ready to rock! Return of the Lab! This year the cPanel Lab is returning. In case you are unfamiliar, the cPanel Lab is a collection of …

There are a lot of things we are looking forward to at this year’s conference. Engaging talks, fantastic networking sessions, super cool swag, and of course, some of the best evening events in the industry. We are bringing it back to our hometown of Houston, TX and we cannot wait to give you the grand tour! We have so much in store for our attendees that we’ve put together this checklist. By the time you all …

A CMS-powered website has all the ingredients for an IT security nightmare: it is publicly accessible, it’s running on powerful machines with great connectivity and the underlying system is used countless times around the globe, making it an attractive target for attackers.
The Joomla Security Strike Team (JSST) is working hard to make sure that this nightmare doesn’t become reality for Joomla users!

cPanel Conference time is closing in steadily, with only 18 days left until the big event. Here on the cPanel University team, we’re continuing our tradition of offering a special certification. This certification is only available to those lucky folks that will be attending the conference in-person, who successfully complete a comprehensive exam. This exam covers the latest and greatest features and changes made over the past year’s worth of cPanel & WHM releases. Last …

The WHMCS team is incredibly excited to be sponsoring and taking part in cPanel Conference for another year. Thanks to our special relationship with cPanel, the cPanel conference provides a unique opportunity to connect with important partners and vendors that are part of the cPanel ecosystem and has proven itself to be a great event for bringing together people from all over the industry. The conference is taking place in our …

Dear [Name of the world’s best boss], cPanel is having their annual conference from October 1st through October 3rd, and I think it would be very beneficial to the company for me to attend. As you know, cPanel has significantly increased the speed with which they develop new features and release new versions. They’ve released four new major versions each of the last three years. Increasing my knowledge of the cPanel & WHM software is …

As most of you are aware, EasyApache3 (EA3) is going to End of Life status as of December 2018.  Moving to EOL status means that if you are still running EA3 by the time v78 is released, you will not be able to upgrade to the newest version of cPanel & WHM. The life cycle of EA3 over the next few cPanel releases will play out as follows: Advisements in version 72: warnings have been added to …