Posts Tagged ‘Joomla’


Five vulnerabilities in the content management system Joomla!

These flaws allow a remote user to elevate privileges on the system by exploiting SQL injection. One of the vulnerabilities in Joomla! allows an attacker to gain administrator rights.

The developers of the popular content management system Joomla! released a security update that fixes five vulnerabilities. One of the flaws allows an attacker to remotely elevate privileges using SQL injection and obtain administrator rights on most websites running Joomla!. (more…)

Experts warn web developers about a growing number of attacks on the WordPress and Joomla platforms.

Researchers at the SANS Institute said they had received several reports of attempted attacks on popular content management systems (CMS), including WordPress and Joomla. Compromised websites have been infected with malicious code that redirects users to third-party portals.

Researcher John Bambenek, CEO of Bambenek Consulting, who writes a blog at the SANS Institute, said that the incident is of particular interest because the intruders are attempting to attack pages en masse by hacking servers.

“It is interesting to note that this does not seem to Exploit search produces a vulnerability. Apparently, hackers are scanning servers for multiple breaches in Joomla and WordPress,” the expert added on his personal blog. (more…)

Multiple vulnerabilities in Joomla!

Vulnerability: Multiple vulnerabilities in Joomla!

Danger: Low
Patch: Yes
Number of vulnerabilities: 1

CVE ID: CVE-2012-5827
Attack vector: Remote
Impact: Cross Site Scripting, Security Bypass

Affected products: Joomla! 2.x

Affected versions: Joomla! 2.5.7, possibly earlier.

Description:

The vulnerability allows malicious people to conduct XSS attacks. (more…)

SQL injection in Spider Catalog

Vulnerability: SQL injection in the Joomla! Spider Catalog

Danger: Medium
Number of vulnerabilities: 1

Impact: Unauthorized change

Affected products: Spider Catalog 1.x (component for Joomla!)

Affected versions: Joomla! Spider Catalog 1.1, possibly earlier

Description:

The vulnerability allows a remote user to execute arbitrary SQL commands in the application database. (more…)

Joomla! is one of the most powerful open source content management systems (Open Source CMS) on the planet. It is used all over the world for everything from simple websites to complex corporate applications. Joomla! is easy to install, simple to manage, and reliable.

Administering a site means managing the policies and procedures for the input, storage and output of data on the site. This can be data, graphics or tables. The data is entered in a special program (like another site within your site) which locates and stores your data. This program is called a content management system (the administrative module).

Work with the administrative module is performed remotely from any computer with access to the Internet. To operate the system, it is enough to have a web browser (one is already installed by default on almost all computers). No installation of additional software components is required. (more…)

Vulnerability: Cross-site scripting in Joomla!

Danger: Low
Patch: Yes
Number of vulnerabilities: 1
Impact: Cross Site Scripting
Affected products: Joomla! 3.x

Affected versions: Joomla! versions prior to 3.0.1.

Description:

The vulnerability allows malicious people to conduct XSS attacks. (more…)

Vulnerability: System compromise in Joomla! MijoFTP

Danger: High
Patch: Yes
Number of vulnerabilities: 1
Impact: System Compromise
Affected products: MijoFTP 1.x (component for Joomla!)

Affected versions: Joomla! MijoFTP versions up to 1.1.0. (more…)

Affected products: iCagenda 1.x (component for Joomla!)

Impact: Unauthorized change

Affected versions: Joomla! iCagenda 1.1.4, possibly earlier.

Description:

The vulnerability allows a remote user to execute arbitrary SQL commands in the application database.

The vulnerability is caused by insufficient validation of the “id” parameter in the index.php script (when the “option” parameter is “com_icagenda”, “view” is “list”, and “layout” is “event”). This can be exploited to execute arbitrary SQL commands in the application database. (more…)

Affected products: Komento 1.x (component for Joomla!)

Affected versions: Joomla! Komento 1.0.2769, possibly earlier.

Description:

The vulnerability allows a remote user to execute arbitrary SQL commands in the application database.

The vulnerability is caused by insufficient validation of the “cid” parameter in the script index.php/component/komento/rss (when the “view” parameter is “rss”). This can be exploited to execute arbitrary SQL commands in the application database. (more…)