[20120901] – Core – XSS Vulnerability

Sep14
by Ike on September 14, 2012 at 7:21 am
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 2.5.6 and all earlier 2.5.x versions
  • Exploit type: XSS Vulnerability
  • Reported Date: 2012-April-30
  • Fixed Date: 2012-September-13

Description

Inadequate escaping of output leads to XSS vulnerability.

Affected Installs

Joomla! versions 2.5.6 and all earlier 2.5.x versions

Solution

Upgrade to version 2.5.7

Reported by Janek Vind and Antoine Cervoise

Contact

The JSST at the Joomla! Security Center.

 Comment 

[20120902] – Core – XSS Vulnerability

Sep14
by Ike on September 14, 2012 at 7:21 am
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 2.5.6 and all earlier 2.5.x versions
  • Exploit type: XSS Vulnerability
  • Reported Date: 2012-July-2
  • Fixed Date: 2012-September-13

Description

Inadequate escaping of output leads to XSS vulnerability in language switcher module.

Affected Installs

Joomla! versions 2.5.6 and all earlier 2.5.x versions

Solution

Upgrade to version 2.5.7

Reported by S. Schurtz

Contact

The JSST at the Joomla! Security Center.

 Comment 

Debian: 2548-1: Security Summary: Summary

Sep14
by Ike on September 14, 2012 at 6:08 am
Posted In: Uncategorized

(Sep 13) Security Report Summary

 Comment 

Debian: 2547-1: bind9: improper assert

Sep14
by Ike on September 14, 2012 at 5:59 am
Posted In: Uncategorized

(Sep 12) It was discovered that BIND, a DNS server, does not handle DNS records properly which approach size limits inherent to the DNS protocol. An attacker could use crafted DNS records to crash the BIND server process, leading to a denial of service. [More…]

 Comment 

Ubuntu: 1559-1: GIMP vulnerabilities

Sep14
by Ike on September 14, 2012 at 5:08 am
Posted In: Uncategorized

(Sep 10) GIMP could be made to crash or run programs as your login if it opened aspecially crafted file.

 Comment 

58 queries. 8.25 mb Memory usage. 1.245 seconds.