Cookies warning

On 01 Januar 2015, the rules about cookies on websites changed. This site uses cookies. We have already set cookies which are essential for the operation of this site.

User Login Enregistrement Regain password
Email Username

Joomla! Security News

  1. [20170901] - Core - Information Disclosure

    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 3.7.0 through 3.7.5
    • Exploit type: Information Disclosure
    • Reported Date: 2017-August-4
    • Fixed Date: 2017-September-19
    • CVE Number: CVE-2017-14595

    Description

    A logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.

    Affected Installs

    Joomla! CMS versions 3.7.0 through 3.7.5

    Solution

    Upgrade to version 3.8.0

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Michal Prochaczek
  2. [20170902] - Core - LDAP Information Disclosure

    • Project: Joomla!
    • SubProject: CMS
    • Severity: Medium
    • Versions: 1.5.0 through 3.7.5
    • Exploit type: Information Disclosure
    • Reported Date: 2017-July-27
    • Fixed Date: 2017-September-19
    • CVE Number: CVE-2017-14596

    Description

    Inadequate escaping in the LDAP authentication plugin can result into a disclosure of username and password.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.7.5

    Solution

    Upgrade to version 3.8.0

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Dr. Johannes Dahse, RIPS Technologies GmbH
  3. [20170704] - Core - Installer: Lack of Ownership Verification

    • Project: Joomla!
    • SubProject: CMS Installer
    • Severity: High
    • Versions: 1.0.0 through 3.7.3
    • Exploit type: Lack of Ownership Verification
    • Reported Date: 2017-Apr-06
    • Fixed Date: 2017-July-25
    • CVE Number: CVE-2017-11364

    Description

    The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control.

    Please note: Already installed sites are not affected, as this issue is limited to the installer application!

    Affected Installs

    Joomla! CMS versions 1.0.0 through 3.7.3

    Solution

    Upgrade to version 3.7.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hanno Böck
  4. [20170705] - Core - XSS Vulnerability

    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 1.5.0 through 3.7.3
    • Exploit type: XSS
    • Reported Date: 2017-April-26
    • Fixed Date: 2017-July-25
    • CVE Number: CVE-2017-11612

    Description

    Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.7.3

    Solution

    Upgrade to version 3.7.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Beat B, JSST
  5. [20170701] - Core - Information Disclosure

    • Project: Joomla!
    • SubProject: CMS
    • Severity: High
    • Versions: 1.7.3 - 3.7.2
    • Exploit type: Information Disclosure
    • Reported Date: 2016-Feb-05
    • Fixed Date: 2017-July-04
    • CVE Number: CVE-2017-9933

    Description

    Improper cache invalidation leads to disclosure of form contents.

    Affected Installs

    Joomla! CMS versions 1.7.3-3.7.2

    Solution

    Upgrade to version 3.7.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Jeff Channell

Design studio Toulouse- Agence de communication - Création de site internet - Site internet low cost en Haute-Garronne - Site internet pas cher sur Toulouse - Solution informatique pour entreprise- Créer un site internet - Communiquer via le web - Référencement site internet - Création de newsletters - Site vitrine pas cher - Site marchand - Création web - Site internet sur-mesure - Site e-commerce - Création de site web sur Dunkerque - Agence web nord-pas-de-calais - Intégration web - Développement de site - Augmenter la visibilité de son site internet - Référencement naturel - Conseil pour bien référencer mon site - Augmenter le trafic de son site internet - Générer des contacts des visiteurs - Prestation web - Outil web - Hébergement - Gestion de base de données - Moteurs de recherche - Site internet compatible pour mobile smartphone - Refonte site internet - Refonte charte graphique - Être présent sur les réseaux sociaux - Design et conception de site web - Agence de communication Toulouse - Conseil web marketing et référencement - Site internet avec gestion de contenu - Communication internet - Projet web - Site administrable - Web design - Cahier des charges - Agence web Toulouse - CMS - Joomla -Wordpress - Yii framwork - SEO -SEM - SEA

JoomShaper