Top Crowdfunding Experts Roundup

Leave a Comment / Site Tips /

Crowdfunding fans are likely already familiar with the world of Kickstarter, Indiegogo, and Vann Alexandra. But what do the experts behind these companies have to say about how best to prepare for crowdfunding success? Read on to discover thoughts from three top experts about how to avoid crowdfunding failure and best to strategize for 2017. […]

The post Top Crowdfunding Experts Roundup appeared first on .

Top Crowdfunding Experts Roundup Read More »

Making it Big in the Big Apple: Fiverr NYC April Workshop

Leave a Comment / Site Tips /

Need a side-hustle? How about a side Gig that can become your full-time Gig? Fiverr NYC is proud to host a night of tips and tricks from specialists who will deliver a fun-filled workshop about the three critical elements to building a successful business: starting, growing, and maximizing what you’ve created. A Fiverr family member […]

The post Making it Big in the Big Apple: Fiverr NYC April Workshop appeared first on .

Making it Big in the Big Apple: Fiverr NYC April Workshop Read More »

[20170408] – Core – Information Disclosure

Leave a Comment / Joomla /
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.4.0 through 3.6.5
  • Exploit type: Information Disclosure
  • Reported Date: 2016-Feb-06
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-8057

Description

Multiple files caused full path disclosures on systems with enabled error reporting.

Affected Installs

Joomla! CMS versions 3.4.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Sim of tencent security

[20170408] – Core – Information Disclosure Read More »

[20170407] – Core – ACL Violations

Leave a Comment / Joomla /
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.6.5
  • Exploit type: ACL Violation
  • Reported Date: 2017-March-01
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7989

Description

Inadequate mime type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Abdullah Hussam

[20170407] – Core – ACL Violations Read More »

[20170406] – Core – ACL Violations

Leave a Comment / Joomla /
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.6.0 through 3.6.5
  • Exploit type: ACL Violation
  • Reported Date: 2016-April-29
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7988

Description

Inadequate filtering of form contents lead allow to overwrite the author of an article.

Affected Installs

Joomla! CMS versions 1.6.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: T-Systems Multimedia Solutions

[20170406] – Core – ACL Violations Read More »

[20170405] – Core – XSS Vulnerability

Leave a Comment / Joomla /
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.6.5
  • Exploit type: XSS
  • Reported Date: 2016-February-28
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7987

Description

Inadequate escaping of file and folder names leads to XSS vulnerabilites in the template manager component.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: David Jardin

[20170405] – Core – XSS Vulnerability Read More »

[20170404] – Core – XSS Vulnerability

Leave a Comment / Joomla /
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.5.0 through 3.6.5
  • Exploit type: XSS
  • Reported Date: 2017-February-22
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7986

Description

Inadequate filtering of specific HTML attributes leads to XSS vulnerabilites in various components.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Fortinet’s FortiGuard Labs

[20170404] – Core – XSS Vulnerability Read More »

[20170403] – Core – XSS Vulnerability

Leave a Comment / Joomla /
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.5.0 through 3.6.5
  • Exploit type: XSS
  • Reported Date: 2017-March-21
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7985

Description

Inadequate filtering of multibyte characters leads to XSS vulnerabilites in various components.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Fortinet’s FortiGuard Labs

[20170403] – Core – XSS Vulnerability Read More »

[20170402] – Core – XSS Vulnerability

Leave a Comment / Joomla /
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.6.5
  • Exploit type: XSS
  • Reported Date: 2016-December-23
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7984

Description

Inadequate filtering leads to XSS in the template manager component.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Chen Ruiqi

[20170402] – Core – XSS Vulnerability Read More »

[20170401] – Core – Information Disclosure

Leave a Comment / Joomla /
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.5.0 through 3.6.5
  • Exploit type: Information Disclosure
  • Reported Date: 2017-Jan-02
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7983

Description

Mail sent using the JMail API leaked the used PHPMailer version in the mail headers.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Conor McKnight

[20170401] – Core – Information Disclosure Read More »