SITE TIPS.info - Page 752 of 895 - security news & tips for the website community

[20170407] – Core – ACL Violations

Leave a Comment / Joomla / Tipper2010

Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.2.0 through 3.6.5
Exploit type: ACL Violation
Reported Date: 2017-March-01
Fixed Date: 2017-April-25
CVE Number: CVE-2017-7989

Description

Inadequate mime type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Abdullah Hussam

[20170407] – Core – ACL Violations Read More »

[20170406] – Core – ACL Violations

Leave a Comment / Joomla / Tipper2010

Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 1.6.0 through 3.6.5
Exploit type: ACL Violation
Reported Date: 2016-April-29
Fixed Date: 2017-April-25
CVE Number: CVE-2017-7988

Description

Inadequate filtering of form contents lead allow to overwrite the author of an article.

Affected Installs

Joomla! CMS versions 1.6.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: T-Systems Multimedia Solutions

[20170406] – Core – ACL Violations Read More »

[20170405] – Core – XSS Vulnerability

Leave a Comment / Joomla / Tipper2010

Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.2.0 through 3.6.5
Exploit type: XSS
Reported Date: 2016-February-28
Fixed Date: 2017-April-25
CVE Number: CVE-2017-7987

Description

Inadequate escaping of file and folder names leads to XSS vulnerabilites in the template manager component.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: David Jardin

[20170405] – Core – XSS Vulnerability Read More »

[20170404] – Core – XSS Vulnerability

Leave a Comment / Joomla / Tipper2010

Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 1.5.0 through 3.6.5
Exploit type: XSS
Reported Date: 2017-February-22
Fixed Date: 2017-April-25
CVE Number: CVE-2017-7986

Description

Inadequate filtering of specific HTML attributes leads to XSS vulnerabilites in various components.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Fortinet’s FortiGuard Labs

[20170404] – Core – XSS Vulnerability Read More »

[20170403] – Core – XSS Vulnerability

Leave a Comment / Joomla / Tipper2010

Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 1.5.0 through 3.6.5
Exploit type: XSS
Reported Date: 2017-March-21
Fixed Date: 2017-April-25
CVE Number: CVE-2017-7985

Description

Inadequate filtering of multibyte characters leads to XSS vulnerabilites in various components.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Fortinet’s FortiGuard Labs

[20170403] – Core – XSS Vulnerability Read More »

[20170402] – Core – XSS Vulnerability

Leave a Comment / Joomla / Tipper2010

Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.2.0 through 3.6.5
Exploit type: XSS
Reported Date: 2016-December-23
Fixed Date: 2017-April-25
CVE Number: CVE-2017-7984

Description

Inadequate filtering leads to XSS in the template manager component.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Chen Ruiqi

[20170402] – Core – XSS Vulnerability Read More »

[20170401] – Core – Information Disclosure

Leave a Comment / Joomla / Tipper2010

Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 1.5.0 through 3.6.5
Exploit type: Information Disclosure
Reported Date: 2017-Jan-02
Fixed Date: 2017-April-25
CVE Number: CVE-2017-7983

Description

Mail sent using the JMail API leaked the used PHPMailer version in the mail headers.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Conor McKnight

[20170401] – Core – Information Disclosure Read More »

Roots run deep for American growers

Leave a Comment / Business Talk, Site Tips / Tipper2010

(BPT) – The trend of home and community gardens is on the rise in the U.S. A 2014 study by the National Gardening Association found 1 in 3 households now grow their own food to help put breakfast, lunch and dinner on kitchen tables. While more and more…

Roots run deep for American growers Read More »

Roots run deep for American growers

Leave a Comment / Business Talk, Site Tips / Tipper2010

(BPT) – The trend of home and community gardens is on the rise in the U.S. A 2014 study by the National Gardening Association found 1 in 3 households now grow their own food to help put breakfast, lunch and dinner on kitchen tables. While more and more…

Roots run deep for American growers Read More »

How to Find the Perfect Workspace for You (and Your Business)

Leave a Comment / Site Tips / Tipper2010

Setting up a startup by yourself is never easy, but you know that – after all those long nights spent forming a winning business plan. As your business grows, so will the size of your team. From interviewing prospective employees to finding an office space that can accommodate everyone, there will only ever be more […]

The post How to Find the Perfect Workspace for You (and Your Business) appeared first on .

How to Find the Perfect Workspace for You (and Your Business) Read More »