SUMMARY cPanel, Inc. has updated RPMs for EasyApache 4 with cURL version 7.60.0 and released EasyApache 3.36.5 with cURL 7.60.0 on May 22, 2018. This release addresses vulnerabilities related to CVE-2018-1000300 and CVE-2018-1000301. We strongly encour…
EasyApache 2018-05-22 Security Release Read More »
cPanel TSR-2018-0003 Full Disclosure SEC-393 Summary API tokens retain ACLs that are removed from accounts. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 6.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H Description Starting w…
cPanel TSR-2018-0003 Full Disclosure Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 1.5.0 through 3.8.7
Exploit type: XSS
Reported Date: 2017-October-28
Fixed Date: 2018-May-22
CVE Number: CVE-2018-6378
Description
Inadequate filtering of file and folder names lead…
[20180509] – Core – XSS vulnerability in the media manager Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.1.2 through 3.8.7
Exploit type: XSS
Reported Date: 2018-March-30
Fixed Date: 2018-May-22
CVE Number: CVE-2018-XXXX
Description
Under specific circumstances (a redirect issued with…
[20180508] – Core – Possible XSS attack in the redirect method Read More »
Project: Joomla!
SubProject: CMS
Impact: Medium
Severity: Low
Versions: 3.0.0 through 3.8.7
Exploit type: Session race condition
Reported Date: 2017-July-08
Fixed Date: 2018-May-22
CVE Number: CVE-2018-XXXX
Description
A long running background proce…
[20180507] – Core – Session deletion race condition Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.7.0 through 3.8.7
Exploit type: Remote Code Execution
Reported Date: 2018-May-14
Fixed Date: 2018-May-22
CVE Number: CVE-2018-XXXX
Description
Inadequate filtering allows use…
[20180506] – Core – Filter field in com_fields allows remote code execution Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Moderate
Versions: 3.0.0 through 3.8.7
Exploit type:XSS
Reported Date:2018-February-02 & 2018-March-27
Fixed Date: 2018-May-22
CVE Number: CVE-2018-XXXX
Description
Inadequate input filt…
[20180505] – Core – XSS Vulnerabilities & additional hardening Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0 through 3.8.7
Exploit type: Information Disclosure
Reported Date: 2018-February-09
Fixed Date: 2018-May-22
CVE Number: CVE-2018-XXXX
Description
The web install application wo…
[20180504] – Core – Installer leaks plain text password to local user Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Versions: 3.1.0 through 3.8.7
Exploit type: Information Disclosure
Reported Date: 2018-April-27
Fixed Date: 2018-May-22
CVE Number: CVE-2018-XXXX
Description
Inadequate checks allowed us…
[20180503] – Core – Information Disclosure about unpublished tags Read More »
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 2.5.0 through 3.8.7
Exploit type: Malicious file upload
Reported Date: 2018-March-14
Fixed Date: 2018-May-22
CVE Number: CVE-2018-XXXX
Description
Depending on the server configura…
[20180502] – Core – Add PHAR files to the upload blacklist Read More »
