[20131102] Core XSS Vulnerability

Nov06
by Ike on November 6, 2013 at 6:47 pm
Posted In: CMS, Joomla, security, Security Center
  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-October-06
  • Fixed Date: 2013-November-06
  • CVE Number:

Description

Inadequate filtering leads to XSS vulnerability in com_contact, com_weblinks, com_newsfeeds.

Affected Installs

Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.15, 3.1.6 or 3.2.

Contact

The JSST at the Joomla! Security Center.

Reported By: Osanda Malith

└ Tags: , , , ,
 Comment 

[20131101] Core XSS Vulnerability

Nov06
by Ike on November 6, 2013 at 6:47 pm
Posted In: CMS, Joomla, security, Security Center
  • Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-October-25
  • Fixed Date: 2013-November-06
  • CVE Number:

Description

Inadequate filtering leads to XSS vulnerability in com_contact.

Affected Installs

Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.15, 3.1.6 or 3.2.

Contact

The JSST at the Joomla! Security Center.

Reported By: Osanda Malith

└ Tags: , , , ,
 Comment 

Joomla! 3.2.0 Stable Released

Nov06
by Ike on November 6, 2013 at 11:00 am
Posted In: CMS, Community, Joomla, Project Release News, Releases

Joomla! 3.2 - Something new for everyone

Joomla 3.2.0 Released

The Joomla! Project and Community is excited and proud to announce the immediate availability of Joomla! CMS 3.2.0 Stable.

With literally dozens of new features including:

  • Content version control
  • Many user interface improvements
  • Easy multi-lingual setup for 64 officially supported languages
  • Built-in Joomla! Extensions Finder as an onsite interface to the Joomla! Extensions Directory (that currently lists over 4000 extensions) providing one-click extensions installation
  • Increased security with strong passwords and two step authentication
  • New rapid development framework for new extension coding

Joomla 3.2 is truly a Something New for Everyone release. These exciting new features are highlighted and explained in a series of short video preview tutorials: Joomla! 3.2 Video Tutorials.

└ Tags: , , , ,
 Comment 

Ubuntu: 2011-1: Libav vulnerabilities

Nov06
by Ike on November 6, 2013 at 6:50 am
Posted In: Other

(Nov 4) Libav could be made to crash or run programs as your login if it opened aspecially crafted file.

 Comment 

Debian: 2792-1: wireshark: Multiple vulnerabilities

Nov06
by Ike on November 6, 2013 at 6:33 am
Posted In: Other

(Nov 4) Multiple vulnerabilities were discovered in the dissectors for IEEE 802.15.4, NBAP, SIP and TCP, which could result in denial of service. The oldstable distribution (squeeze) is only affected by CVE-2013-6340. [More…]

└ Tags: , , ,
 Comment 

50 queries. 8.5 mb Memory usage. 0.328 seconds.