[20121102] – Core – Clickjacking

Oct08
by Ike on October 8, 2012 at 9:09 pm
Posted In: CMS, Core Security, Joomla, security
  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 2.5.7 and all earlier 2.5.x versions
  • Exploit type: Clickjacking vulnerability
  • Reported Date: 2012-October-15
  • Fixed Date: 2012-November-08
  • CVE Number: CVE-2012-5827

Description

Inadequate protection leads to clickjacking vulnerability.

Affected Installs

Joomla! version 2.5.7 and all earlier 2.5.x versions.

Solution

Upgrade to version 2.5.8

Reported by Ajay Singh Negi

Contact

The JSST at the Joomla! Security Center.

└ Tags:
 Comment 

Plesk Mirror Setup Tool 1.2

Oct08
by Ike on October 8, 2012 at 5:35 am
Posted In: Plesk, Releases

New version of Plesk Mirror Setup Tool 1.2 is uploaded to the article http://kb.parallels.com/113337
Synchronization of extensions/ directory for Linux versions of Plesk has been added.

└ Tags: ,
 Comment 

Ubuntu: 1588-1: Software Properties vulnerability

Oct07
by Ike on October 7, 2012 at 7:26 am
Posted In: Uncategorized

(Oct 1) Software Properties could be tricked into installing arbitrary PPA GPG keys.

 Comment 

Ubuntu: 1595-1: libxslt vulnerabilities

Oct07
by Ike on October 7, 2012 at 7:26 am
Posted In: Uncategorized

(Oct 4) Applications using libxslt could be made to crash or run programs as yourlogin if they processed a specially crafted file.

 Comment 

Debian: 2555-1: libxslt: Multiple vulnerabilities

Oct06
by Ike on October 6, 2012 at 7:22 am
Posted In: Uncategorized

(Oct 5) Nicholas Gregoire and Cris Neckar discovered several memory handling bugs in libxslt, which could lead to denial of service or the execution of arbitrary code if a malformed document is processed. [More…]

└ Tags:
 Comment 

50 queries. 8.75 mb Memory usage. 5.407 seconds.