Houston, TX — cPanel & WHM version 11.32, which released today to the RELEASE tier, offers numerous updates, including enhancements to mail functionality and login screens. It also officially supports DKIM and includes the Logaholic web analytics application. This latest…
Archive for security
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.3 and all earlier 2.5.x versions
- Exploit type: Information Disclosure
- Reported Date: 2012-January-7
- Fixed Date: 2012-April-2
Description
Inadequate permission checking allows unauthorised viewing of some administrative back end information.
Affected Installs
Joomla! versions 2.5.3 and all earlier 2.5.x versions
Solution
Upgrade to version 2.5.4
Reported by Cyrille Barthelemy
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 1.5.25 and all earlier 1.5.x versions
- Exploit type: Password Change
- Reported Date: 2012-March-8
- Fixed Date: 2012-March-27
Description
Insufficient randomness leads to password reset vulnerability.
Affected Installs
Joomla! versions 1.5.25 and all earlier 1.5.x versions
Solution
Upgrade to version 1.5.26
Reported by George Argyros and Aggelos Kiayias
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 1.5.25 and all earlier 1.5.x versions
- Exploit type: Information Disclosure
- Reported Date: 2012-January-7
- Fixed Date: 2012-March-27
Description
Inadequate permission checking allows unauthorised viewing of administrative back end information.
Affected Installs
Joomla! versions 1.5.25 and all earlier 1.5.x versions
Solution
Upgrade to version 1.5.26
Reported by Cyrille Barthelemy
Contact
The JSST at the Joomla! Security Center.
cPanel & WHM 11.30.6.6 provides major fixes for CentOS 4 as well as other minor fixes. The recent end of life of CentOS 4 caused issues when updating or installing packages from YUM. cPanel located the correct…
cPanel to End Support for PHP 4. cPanel announces that EasyApache will no longer support PHP 4 beginning May 2012. PHP 4 has not been actively developed or supported by the PHP developers for several years. Many CVEs reported against…
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
- Exploit type: Password Change
- Reported Date: 2012-March-8
- Fixed Date: 2012-March-15
Description
Insufficient randomness leads to password reset vulnerability.
Affected Installs
Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions
Solution
Upgrade to version 2.5.3
Reported by George Argyros and Aggelos Kiayias
Contact
The JSST at the Joomla! Security Center.
At cPanel Conference 2011, cPanel announced the upcoming launch of Attracta SEO tool features within cPanel & WHM. cPanel and Attracta have launched a special site ( go.cpanel.net/attracta/ ) dedicated to partners wishing to gain full access to the upcoming…
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
- Exploit type: Privilege Escalation
- Reported Date: 2012-March-12
- Fixed Date: 2012-March-15
Description
Programming error allows privilege escalation in some cases.
Affected Installs
Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions
Solution
Upgrade to version 2.5.3
Reported by Jeff Channel
Contact
The JSST at the Joomla! Security Center.
On Monday, March 12, 2012, cPanel will travel to Austin, Texas and join a number of Partners, industry friends, and hosting gurus at this year’s South by Southwest 2012 (SxSW) conference. cPanel & WHM powers some of the largest and most…
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 2.5.1, 2.5.0 and 1.7.0 – 1.7.5
- Exploit type: SQL Injection
- Reported Date: 2012-February-29
- Fixed Date: 2012-March-05
Description
Inadequate escaping leads to SQL injection vulnerability.
Affected Installs
Joomla! version 2.5.1, 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution
Upgrade to version 2.5.2
Reported by Ching Shiong Sow, Stratsec
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 2.5.1 and 2.5.0
- Exploit type: XSS Vulnerability
- Reported Date: 2012-February-29
- Fixed Date: 2012-March-05
Description
Inadequate filtering leads to XSS vulnerability.
Affected Installs
Joomla! version 2.5.1 and 2.5.0.
Solution
Upgrade to version 2.5.2
Reported by Phil Purviance
Contact
The JSST at the Joomla! Security Center.
For continued compatibility with the latest versions of cPanel & WHM, please update your server to CentOS 6 or RHEL 6. CentOS and Red Hat discontinued support for version 4 of their respective operating systems on February 29, 2012. cPanel & WHM version 11.32 will…
cPanel, Inc., announced that its subsidiary, Hostbed, L.L.C., has acquired Siteocity.com, a small website hosting solutions provider. The purchase gives cPanel a direct platform for real-world testing of its products. Siteocity.com will continue to operate under its current name. cPanel…
Houston, TX — cPanel & WHM version 11.32, which released today to the edge tier, offers numerous updates, including enhancements to mail functionality and login screens. It also officially supports DKIM and includes the Logaholic web analytics application. Enhanced Mail…
Improvements were made to the Server Administrator Interface, Website Owner Interface and to the product as a whole. Some improvements to the Server Administrator Interface (SAI) include: Resellers can create IIS shared application pools with the new Application Pool Manager…
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.0 and 1.7.0 – 1.7.4
- Exploit type: Information Disclosure
- Reported Date: 2012-January-29
- Fixed Date: 2012-February-02
Description
Inadequate validation leads to path disclosure in administrator.
Affected Installs
Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution
Upgrade to version 2.5.1 or 1.7.5 or higher
Reported by Jakub Galczyk
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.0 and 1.7.0 – 1.7.4
- Exploit type: Information Disclosure
- Reported Date: 2012-January-29
- Fixed Date: 2012-February-02
Description
Inadequate validation leads to information disclosure in administrator.
Affected Installs
Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution
Upgrade to version 1.7.5 or 2.5.1 or higher
Reported by Jakub Galczyk
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 1.7.4 and all earlier 1.7.x versions
- Exploit type: Information Disclosure
- Reported Date: 2012-January-06
- Fixed Date: 2012-February-02
Description
On some servers the error log could be read by unauthorised users.
Affected Installs
Joomla! version 1.7.4 and all earlier 1.7.x versions
Solution
Upgrade to version 2.5.1 or 1.7.5 or higher
Reported by Alain Rivest
Contact
The JSST at the Joomla! Security Center.
Social network Bebo is still inaccessible after an apparent technical error took the site offline yesterday.
Year of the Meetup
We hereby declare 2012 as the Year of the WordPress Meetup. You’ll want to get in on this action. So what is a WordPress Meetup? Basically, it’s people in a community getting together — meeting up — who share an interest in WordPress, whether they be bloggers, business users, developers, consultants, or any other category of person able to say, “I use WordPress in some way and I like it, and I want to meet other people who can say the same.”
The United States Department of Justice appears to be under attack for the second time since the popular MegaUpload file sharing site was taken down.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
- Exploit type: Information Disclosure
- Reported Date: 2012-January-07
- Fixed Date: 2012-January-24
Description
Inadequate filtering leads to information disclosure.
Affected Installs
Joomla! version 1.7.3 and all earlier versions
Solution
Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by Erwan Peton – Intrinsec
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
- Exploit type: XSS Vulnerability
- Reported Date: 2011-November-16
- Fixed Date: 2012-January-24
Description
Inadequate filtering leads to XSS vulnerability.
Affected Installs
Joomla! version 1.7.3 and all earlier versions
Solution
Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by Ankita Kapadia
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
- Exploit type: Information Disclosure
- Reported Date: 2011-December-19
- Fixed Date: 2012-January-24
Description
Inadequate filtering leads to information disclosure.
Affected Installs
Joomla! version 1.7.3 and all earlier versions
Solution
Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by Jean-Marie Simonet
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 1.7.3 and all earlier versions
- Exploit type: XSS Vulnerability
- Reported Date: 2012-January-22
- Fixed Date: 2012-January-24
Description
Inadequate filtering leads to XSS vulnerability.
Affected Installs
Joomla! version 1.7.3 and all earlier 1.7 and 1.6 versions
Solution
Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by David Jardin
Contact
The JSST at the Joomla! Security Center.
The newest cPanel & WHM release, 11.30.5.6, improves Google Chrome support. This update for cPanel & WHM resolves an issue with handling form submissions by newer versions of Google Chrome. The error affected file uploads in the cPanel File Manager…
WordPress.org is officially joining the protest against Senate Bill 968: the Protect IP Act that is coming before the U.S. Senate next week. As I wrote in my post a week ago, if this bill is passed it will jeopardize internet freedom and shift the power of the independent web into the hands of corporations. […]