
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.0.0 through 3.4.1
  • Exploit type: Open Redirect
  • Reported Date: 2015-June-01
  • Fixed Date: 2015-June-30
  • CVE Number: tbd

Description

Inadequate checking of the return value allowed redirection to an external page.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.4.1

Solution

Upgrade to version 3.4.2

Contact

The JSST at the Joomla! Security Center....

Reported By: Sharath Unni and Steven Sweeting


  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
  • Exploit type: Denial of Service
  • Reported Date: 2014-September-24
  • Fixed Date: 2014-September-30
  • CVE Number: CVE-2014-7229

Description

Inadequate checking allowed the potential for a denial of service attack.

Affected Installs

Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4

Solution

Upgrade to version 2.5.26, 3.2.6, or 3.3.5

Contact

The JSST at the Joomla! Security Center....

Reported By: Johannes Dahse

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 3.2.0 through 3.2.4, 3.3.0 through 3.3.3
  • Exploit type: XSS Vulnerability
  • Reported Date: 2014-August-27
  • Fixed Date: 2014-September-23
  • CVE Number: CVE-2014-6631

Description

Inadequate escaping leads to XSS vulnerability in com_media.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through 3.3.3

Solution

Upgrade to version 3.2.5 or 3.3.4

Contact

The JSST at the Joomla! Security Center....

Reported By: Dingjie (Daniel) Yang

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
  • Exploit type: Remote File Inclusion
  • Reported Date: 2014-September-24
  • Fixed Date: 2014-September-30
  • CVE Number: CVE-2014-7228

Description

Inadequate checking allowed the potential for remote files to be executed.

Affected Installs

Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4

Solution

Upgrade to version 2.5.26, 3.2.6, or 3.3.5

Additional Details

Please refer to AkeebaBackup.com for additional details.

Contact

The JSST at the Joomla! Security Center....

Reported By: Johannes Dahse

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3
  • Exploit type: Unauthorised Logins
  • Reported Date: 2014-September-09
  • Fixed Date: 2014-September-23
  • CVE Number: CVE-2014-6632

Description

Inadequate checking allowed unauthorised logins via LDAP authentication.

Affected Installs

Joomla! CMS versions 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3

Solution

Upgrade to version 2.5.25, 3.2.5, or 3.3.4

Contact

The JSST at the Joomla! Security Center....

Reported By: Matthew Daley