– checking for references between IP addresses and domains with “Forwarding” hosting type in Plesk database
– validation for DUMP_TMP_D variable in /etc/psa/psa.conf file
The following bugs have been fixed:
[-] Wrong permission was set on the /tmp folder after installing 10.4.4 MU#16
[-] Error 404 when browsing the “Downloads” report generated by AWStats
[-] Wrong validation of IP subnets
[-] Unable to sync service plan with hosting disabled
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
- Exploit type: Password Change
- Reported Date: 2012-March-8
- Fixed Date: 2012-March-15
Description
Insufficient randomness leads to password reset vulnerability.
Affected Installs
Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions
Solution
Upgrade to version 2.5.3
Reported by George Argyros and Aggelos Kiayias
Contact
The JSST at the Joomla! Security Center.
Pre-Launch for Attracta SEO Tools Integration
At cPanel Conference 2011, cPanel announced the upcoming launch of Attracta SEO tool features within cPanel & WHM. cPanel and Attracta have launched a special site (go.cpanel.net/attracta/) dedicated to partners wishing to gain full access to the upcoming features.
Attracta SEO tools are scheduled for release to the cPanel & WHM EDGE tier at the beginning of April with availability in the CURRENT tier later in the month.
Hosting providers can visit go.cpanel.net/AttractaDiscuss for more information. To join the program, please visit go.cpanel.net/attracta/.
“As we launch a major new feature set within the cPanel & WHM product, we want to make sure we provide server owners and hosting providers with all the details on this integration,” said Aaron Phillips, vice president of operations at cPanel.
Attracta will become a standard feature within cPanel & WHM, with the ability to instantly turn it off or on (by default, Attracta will be on).
The Attracta features in cPanel & WHM provide easy sitemap creation, submission, and even professional SEO services to take over where automation left off.
Hosting providers will also enjoy a revenue-sharing opportunity that includes a high conversion rate along with a one-to-one relationship with Attracta.
“It was important to cPanel that we not be a middle entity in this process, and instead allow hosting providers the distinct ability to gain their full revenue sharing,” said Phillips.
In addition to providing integrated SEO tools to website owners using cPanel & WHM, Attracta also provides professional services at affordable prices to help website owners gain further traction and traffic to their websites. Attracta has provided over 1 million websites with a set of SEO tools to help get the websites crawled and immediately included in search engines.
Attracta is currently used by top hosting providers including HostGator, BlueHost, HostDime, UK2.Net, and HostPapa.
“We were looking for an easy-to-use solution to help our clients obtain more traffic to their websites, and Attracta was a perfect fit,” Brent Oxley, of HostGator, explained when asked why HostGator chose Attracta.
“They have an easy integration into the cPanel API, and an automated, free setup that takes our clients step by step through the process,” Oxley added.
“Attracta has helped our clients increase traffic to their websites,” Oxley continued. “As a host, it has helped us extend the life of our clients, while also adding an additional revenue stream.”
Please visit go.cpanel.net/AttractaDiscuss for more information. To join the program, please visit go.cpanel.net/attracta/.
[20120303] – Core – Privilege Escalation
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
- Exploit type: Privilege Escalation
- Reported Date: 2012-March-12
- Fixed Date: 2012-March-15
Description
Programming error allows privilege escalation in some cases.
Affected Installs
Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions
Solution
Upgrade to version 2.5.3
Reported by Jeff Channel
Contact
The JSST at the Joomla! Security Center.