Archive for Joomla
Joomla 3.8.7 is now available. This is a bug fix release for the 3.x series of Joomla including over 70 bug fixes and improvements.
Joomla 3.8.6 is now available. This is a security fix release for the 3.x series of Joomla addressing one security vulnerability and including over 60 bug fixes and improvements.
[20180301] – Core – SQLi vulnerability User Notes
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 3.5.0 through 3.8.5
- Exploit type: SQLi
- Reported Date: 2018-March-08
- Fixed Date: 2018-March-12
- CVE Number: CVE-2018-8045
Description
The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.
Affected Installs
Joomla! CMS versions 3.5.0 through 3.8.5
Solution
Upgrade to version 3.8.6
Contact
The JSST at the Joomla! Security Centre.
Joomla 3.8.5 is now available. This is a bug fix release for the 3.x series of Joomla fixing regressions which were reported after the 3.8.4 release.
[20180104] – Core – SQLi vulnerability in Hathor postinstall message
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 3.7.0 through 3.8.3
- Exploit type: SQLi
- Reported Date: 2017-November-17
- Fixed Date: 2018-January-30
- CVE Number: CVE-2018-6376
Description
The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
Affected Installs
Joomla! CMS versions 3.7.0 through 3.8.3
Solution
Upgrade to version 3.8.4
Contact
The JSST at the Joomla! Security Centre.
[20180103] – Core – XSS vulnerability in Uri class
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 1.5.0 through 3.8.3
- Exploit type: XSS
- Reported Date: 2017-November-17
- Fixed Date: 2018-January-30
- CVE Number: CVE-2018-6379
Description
Inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.8.3
Solution
Upgrade to version 3.8.4
Contact
The JSST at the Joomla! Security Centre.
[20180102] – Core – XSS vulnerability in com_fields
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 3.7.0 through 3.8.3
- Exploit type: XSS
- Reported Date: 2018-January-20
- Fixed Date: 2018-January-30
- CVE Number: CVE-2018-6377
Description
Inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e. list, radio and checkbox.
Affected Installs
Joomla! CMS versions 3.7.0 through 3.8.3
Solution
Upgrade to version 3.8.4
Contact
The JSST at the Joomla! Security Centre.
[20180101] – Core – XSS vulnerability in module chromes
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 3.0.0 through 3.8.3
- Exploit type: XSS
- Reported Date: 2018-January-21
- Fixed Date: 2018-January-30
- CVE Number: CVE-2018-6380
Description
Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.8.3
Solution
Upgrade to version 3.8.4
Contact
The JSST at the Joomla! Security Centre.
Joomla 3.8.4 is now available. This is a security release for the 3.x series of Joomla addressing four security vulnerabilities and including over 100 bug fixes and improvements.
There are many fine achievements to reflect on as we look back on 2017. Most importantly the Joomla Project wants to say a massive “thank you” to all our volunteers. As an open source project, Joomla can only achieve what it does with the valuable contributions of our extensive global community of hard-working volunteers. On behalf of the Joomla Project, Thank You!
Joomla’s Response to Overturning Net Neutrality in the United States
New York – December 15, 2017
The FCC (Federal Communications Commission) vote on Thursday, December 14, 2017 to repeal Net Neutrality, while unfortunately expected, is tremendously disappointing to all believers in an open and free internet.
Open Source Matters, Inc. and the Joomla Community believe wholeheartedly in content creation and dissemination. We as a community have been overwhelmingly in favor of retaining Net Neutrality in the United States and worldwide and will seek to make our voices heard in as many ways as possible.
Joomla 3.8.3 is now available. This is a bug fix release for the 3.x series of Joomla which includes over 60 bug fixes and improvements.
Introducing High Performance Joomla! Host A2 Hosting As Global Sponsor
Who is A2 Hosting?
It’s likely that you’re already familiar with A2 Hosting. Not only are they an active Joomla! Community member that has sponsored Joomla! and our community, they have also been hosting Joomla! sites since their launch back in 2003.
With the prospect of Joomla 4 next year, we would like to raise awareness of the need to upgrade to PHP 7.
Joomla 4 will require PHP 7 to run, as stated in this announcement. Most hosts already offer PHP 7 in their packages and it should be fairly easy to change your PHP version. (Hint: before you do, make sure you back up.) If not, contact your host today.
Let us give you 4 reasons why you shouldn’t wait on upgrading PHP.
Joomla 4.0 Alpha 1 Released for Testing
[20171103] – Core – Information Disclosure
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.7.0 through 3.8.1
- Exploit type: Information Disclosure
- Reported Date: 2017-May-17
- Fixed Date: 2017-November-07
- CVE Number: CVE-2017-16633
Description
A logic bug in com_fields exposed read-only information about a site’s custom fields to unauthorized users.
Affected Installs
Joomla! CMS versions 3.7.0 through 3.8.1
Solution
Upgrade to version 3.8.2
Contact
The JSST at the Joomla! Security Centre.
[20171102] – Core – 2-factor-authentication bypass
- Project: Joomla!
- SubProject: CMS
- Severity: Medium
- Versions: 3.2.0 through 3.8.1
- Exploit type:
- Reported Date: 2017-October-31
- Fixed Date: 2017-November-07
- CVE Number: CVE-2017-16634
Description
A bug allowed third parties to bypass a user’s 2-factor-authentication method.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.8.1
Solution
Upgrade to version 3.8.2
Contact
The JSST at the Joomla! Security Centre.
[20171101] – Core – LDAP Information Disclosure
- Project: Joomla!
- SubProject: CMS
- Severity: Medium
- Versions: 1.5.0 through 3.8.1
- Exploit type: Information Disclosure
- Reported Date: 2017-October-06
- Fixed Date: 2017-November-07
- CVE Number: CVE-2017-14596
Description
Inadequate escaping in the LDAP authentication plugin can result in disclosure of username and password.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.8.1
Solution
Upgrade to version 3.8.2
Contact
The JSST at the Joomla! Security Centre.
[20170902] – Core – LDAP Information Disclosure
- Project: Joomla!
- SubProject: CMS
- Severity: Medium
- Versions: 1.5.0 through 3.7.5
- Exploit type: Information Disclosure
- Reported Date: 2017-July-27
- Fixed Date: 2017-September-19
- CVE Number: CVE-2017-14596
Description
Inadequate escaping in the LDAP authentication plugin can result in disclosure of username and password.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.7.5
Solution
Upgrade to version 3.8.0
Contact
The JSST at the Joomla! Security Centre.
[20170901] – Core – Information Disclosure
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.7.0 through 3.7.5
- Exploit type: Information Disclosure
- Reported Date: 2017-August-4
- Fixed Date: 2017-September-19
- CVE Number: CVE-2017-14595
Description
A logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
Affected Installs
Joomla! CMS versions 3.7.0 through 3.7.5
Solution
Upgrade to version 3.8.0
Contact
The JSST at the Joomla! Security Centre.
Joomla Community Magazine | October 2014
The October issue of the Joomla Community Magazine is here! Our stories this month:
Editors Introduction
Joomla! World Conference 2014, Get Your Tickets Now!
Feature Stories
Interview with Brian Teeman
A New and Improved Joomla! Resources Directory
A Dream, Which we Dream Together, is Reality
Events
Upcoming Joomla Events October/November 2014
Project News
Leadership Highlights October 2014
A Thank You to OSM & the Joomla Community from CloudAccess.net
A Thank You to CloudAccess.net
Administrators
Investing in HTTPS is Crucial to Your Joomla Site’s Integrity
International Stories
Catalan
Open Source Matters Elects New President, Sarah Watz…
Updating Joomla! from Version 2.5 to 3.x
French
A Look Back at JoomlaDay™ Benin 2014
Creating an Article with Joomla! Has Never Been Easier!
Joomla! World Conference 2014, Get Your Tickets Now!
Joomla! for My Business (Part 1)
Back to Basics: The Power of Collaboration
Announcing the Creation of the Update Working Group
Joomla! Announces a New Demo Site and an Option…
German
The New Joomla! Release Cycle
Spanish
Awards and Recognition for the Joomla! CMS
ACL in Joomla!
Untangling Warp 7 and UIKIT
A New Resources Directory
Joomla! in La Rioja
In our next issue
We want to publish your Joomla! story in the next JCM issue! So take a look at our Author Resources content to get a better idea of what we are looking for, and then register to become a JCM author and submit your Joomla! story!
The Joomla! Project is pleased to announce the immediate availability of Joomla 3.3.6. This is a maintenance release addressing issues with yesterday’s 3.3.5 release. This release addresses an issue related to the core update component, one regression in the user password reset process, and adds a fallback upgrade mechanism for the update component. This release is considered a security release since it includes two resolved security issues associated with 3.3.5. A 3.2.7 release is also available for users who are still using Joomla! 3.2 which addresses the security issues and the upgrade component bug.
If you are currently running a Joomla! release on a server with PHP 5.3.10 or later, we encourage you to update immediately to Joomla! 3.3.6 via either the one-click update or the update downloads available at http://www.joomla.org/download.html.
Note that in order to update directly to 3.3.6 via the core update component, you must be running 3.2.2 or later due to the raised minimum supported PHP version and the update system not supporting checking the server’s PHP version in older releases. Older 3.x releases will be prompted to update to 3.2.7 before being presented the 3.3.6 update.
Special Download Instructions
Because of the issue with the update component, users who are running 3.2.6 or 3.3.5 will be unable to update to the next release using Joomla’s update component. These users will be required to update their Joomla! installation via the Extension Manager. Instructions for updating via the Extension Manager can be found on the Joomla! Documentation Wiki. Users who are running Joomla! 3.3.0 through 3.3.4 and 3.2.5 or earlier will be able to update using the update component. The Joomla! Documentation wiki contains full instructions on how to update your site.
The Joomla! Project is pleased to announce the immediate availability of Joomla 2.5.27. This is a maintenance release addressing issues with yesterday’s 2.5.26 release. This release addresses an issue related to the core update component. This release is considered a security release since it includes two resolved security issues associated with 2.5.26.
Special Download Instructions
Because of the issue with the update component, users who are running 2.5.26 will be unable to update to 2.5.27 using Joomla’s update component. These users will be required to update their Joomla! installation via the Extension Manager. Instructions for updating via the Extension Manager can be found on the Joomla! Documentation Wiki. Users who are running Joomla! 2.5.25 or earlier will be able to update using the update component. The Joomla! Documentation Wiki contains full instructions on how to update your site.
2.5 End of Life Update
As previously noted, the 2.5 series will reach end of life at the end of 2014, which will mark the end of support for this series. At this time, we project that 2.5.28 will be the last scheduled maintenance release, due in approximately six to eight weeks, the typical timeframe between Joomla! releases.
Download
New Installations: Download Joomla 2.5.27 (Full package) »
Update Package: Download Joomla 2.5.27 (Update packages) »
Note: Please read the update instructions before updating.
Instructions
*Please clear your browser’s cache after upgrading
Want to test drive Joomla? Try the online demo. Documentation is available for beginners.
Release Notes
Check the Joomla 2.5.27 Post-Release FAQs to see if there are important items and helpful hints discovered after the release.
Statistics for the 2.5.27 release period
- 4 tracker issues fixed
See the Joomla! 2.5.26 Milestone on GitHub for details of the items fixed.
Security Issues Fixed
- High Priority – Core – Remote File Inclusion More information »
- Medium Priority – Core – Denial of Service More information »
How can you help Joomla! development?
There are a variety of ways in which you can get actively involved with Joomla! It doesn’t matter if you are a coder, an integrator, or merely a user of Joomla!. You can contact the Joomla! Community Development Manager, David Hurley, to get more information, or if you are ready you can jump right into the Joomla! Bug Squad.
The Joomla! Bug Squad is one of the most active teams in the Joomla! development process and is always looking for people (not just developers) that can help with sorting bug reports, coding patches and testing solutions. It’s a great way for increasing your working knowledge of Joomla!, and also a great way to meet new people from all around the world.
If you are interested, please read about us on the Joomla! Documentation Wiki and, if you wish to join, email Nick Savov, our Bug Squad coordinator.
You can also help Joomla! development by thanking those involved in the many areas of the process. In the past year, for example, over 1,000 bugs have been fixed by the Bug Squad.
Contributors
Thank you to the community members who were active in the testing and resolution of the issues addressed in this release:
Constantin Romankiewicz, Dmitry Rekun, Jean-Marie Simonet, Johannes S-F, Michael Babker, Nicholas Dionysopoulos, Paulos Matos, Tobias Zulauf.
Joomla! Bug Squad
Thank you to the Joomla! Bug Squad for their dedicated efforts investigating reports, fixing problems, and applying patches to Joomla. If you find a bug in Joomla!, please report it on the Joomla! Issue Tracker.
Active members of the Joomla! Bug Squad during the past 3 months include: A. Booij, Achal Aggarwal, Anja Hage, Beat, Benjamin Trenkle, Bernard Saulme, Brian Teeman, Christiane Maier-Stadtherr, Constantin Romankiewicz, David Jardin, Dennis Hermacki, Elijah Madden, George Wilson, Hans Kuijpers, Hilary Cheyne, Jean-Marie Simonet, Jelle Kok, Jisse Reitsma, Joe Steele, Josien Verreijt, Leo Lammerink, Marcel van Beelen, Marco Richter, Matt Thomas, Max Sarte, Michael Babker, Mikhail M, Nick Savov, Nicholas Dionysopoulos, Niels van der Veer, Peter Lose, Peter Wiseman, Piotr Mocko, Robert Dam, Robert Gastaud, Roberto Segura, Roland Dalmulder, Sander Potjer, Sergio Manzi, Stefania Gaianigo, Thomas Hunziker, Thomas Jackson, Tobias Zulauf, Todor Iliev, Valentin Despa, Viktor Vogel.
Bug Squad Leadership: Nick Savov, Coordinator.
Joomla! Security Strike Team
A big thanks to the Joomla! Security Strike Team for their ongoing work to keep Joomla! secure. Members include: Airton Torres, Alan Langford, Beat, Bill Richardson, Claire Mandville, David Hurley, Don Gilbert, Gary Brooks, Jason Kendall, Javier Gomez, Jean-Marie Simonet, Marijke Stuivenberg, Mark Boos, Mark Dexter, Matias Griese, Michael Babker, Nick Savov, Pushapraj Sharma, Roberto Segura, Rouven Weßling, Thomas Hunziker.
The Joomla! Project and the Production Leadership Team are proud to announce the release of Joomla! 3.3.5. This is a security release for the 3.x series of Joomla! and addresses two security issues in addition to several regressions introduced in the 3.3.4 release. A 3.2.6 release is also available for users who are still using Joomla! 3.2 which addresses the security issues.
If you are currently running a Joomla! release on a server with PHP 5.3.10 or later, we encourage you to update immediately to Joomla! 3.3.4 via either the one-click update or the update downloads available at http://www.joomla.org/download.html.
Note that in order to update directly to 3.3.5 via the core update component, you must be running 3.2.2 or later due to the raised minimum supported PHP version and the update system not supporting checking the server’s PHP version in older releases. Older 3.x releases will be prompted to update to 3.2.6 before being presented the 3.3.5 update.
[20140904] – Core – Denial of Service
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
- Exploit type: Denial of Service
- Reported Date: 2014-September-24
- Fixed Date: 2014-September-30
- CVE Number: CVE-2014-7229
Description
Inadequate checking allowed the potential for a denial of service attack.
Affected Installs
Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Solution
Upgrade to version 2.5.26, 3.2.6, or 3.3.5
Contact
The JSST at the Joomla! Security Center.
[20140903] – Core – Remote File Inclusion
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
- Exploit type: Remote File Inclusion
- Reported Date: 2014-September-24
- Fixed Date: 2014-September-30
- CVE Number: CVE-2014-7228
Description
Inadequate checking allowed the potential for remote files to be executed.
Affected Installs
Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Solution
Upgrade to version 2.5.26, 3.2.6, or 3.3.5
Additional Details
Please refer to AkeebaBackup.com for additional details.
Contact
The JSST at the Joomla! Security Center.
[20140902] – Core – Unauthorised Logins
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3
- Exploit type: Unauthorised Logins
- Reported Date: 2014-September-09
- Fixed Date: 2014-September-23
- CVE Number: CVE-2014-6632
Description
Inadequate checking allowed unauthorised logins via LDAP authentication.
Affected Installs
Joomla! CMS versions 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3
Solution
Upgrade to version 2.5.25, 3.2.5, or 3.3.4
Contact
The JSST at the Joomla! Security Center.
[20140901] – Core – XSS Vulnerability
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 3.2.0 through 3.2.4, 3.3.0 through 3.3.3
- Exploit type: XSS Vulnerability
- Reported Date: 2014-August-27
- Fixed Date: 2014-September-23
- CVE Number: CVE-2014-6631
Description
Inadequate escaping leads to XSS vulnerability in com_media.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through 3.3.3
Solution
Upgrade to version 3.2.5 or 3.3.4
Contact
The JSST at the Joomla! Security Center.
Joomla Community Magazine | August 2014
The August issue of the Joomla Community Magazine is here! Our stories this month:
Editors Introduction
Feature Stories
Joomla Project and Product Marketing. One Can Not Exist Without the Other!
Pizza, Bugs and Fun in The Netherlands
Cum Munus – J and Beyond 2014
The Nasty Business of Passing Off
Talking Joomla! at WordCamp?
The Heart of Joomla! is the Community
Developers
Video: David Hurley Becomes Joomla! 3.4 Release Leader
Introducing The Wheel (The Power of Collaboration)
Project News
Leadership Highlights August 2014
Events
Roundup from JUG Corner – July 2014
Upcoming Joomla! Events – August & September 2014
JoomlaDay Minnesota and the Hope for a Local Joomla! Community
Joomla! Bug Sprint in Manchester
Designers
Book Reviews
Google Summer of Code
Keep Calm and Write Test
An Easy Way to Benchmark a Webserver
Project: JIssues Tracker Status Update
Why Simple Structured Data (Microdata, RDFa) isn’t so Simple
International Stories
French
Easily Create Your Site with Joomla! (Part 2)
The Developer's Sleight of Hand
I Have the Same Problem…
Portuguese (Brazil)
Joomla Day Mexico City 2014
Spanish
Results of Joomla Day Mexico City 2014
J&Bellong, Joomla and Marketing
01. Installing VirtueMart 2.6.6
Joomla! for Designers
Tutorial: MasterBootstrap, Installation and Setup
Joomla in Local Government
What Can We Do to Change the Trend?
In our next issue
We want to publish your Joomla! story in the next JCM issue! So take a look at our Author Resources content to get a better idea of what we are looking for, and then register to become a JCM author and submit your Joomla! story!