The Joomla! Community Portal ™

JoomlaConnect

JoomlaConnect - Security English

Recent Posts

Akeeba CMS Update


Extension Update Details

Akeeba CMS Update 1.0.2


Update Notice URL
https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html


Akeeba Backup


Extension Update Details

Akeeba Backup 4.0.4


Update Notice URL
https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html


[20140904] - Core - Denial of Service


  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
  • Exploit type: Denial of Service
  • Reported Date: 2014-September-24
  • Fixed Date: 2014-September-30
  • CVE Number: CVE-2014-7229

Description

Inadequate checking allowed the potential for a denial of service attack.

Affected Installs

Joomla! CMS versions 2.5.4 through...


[20140903] - Core - Remote File Inclusion


  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
  • Exploit type: Remote File Inclusion
  • Reported Date: 2014-September-24
  • Fixed Date: 2014-September-30
  • CVE Number: CVE-2014-7228

Description

Inadequate checking allowed the potential for remote files to be executed.

Affected Installs

Joomla! CMS versions 2.5.4...


Hika Shop


HikaShop 2.3.2 and below also Hika Market 1.4.3 and below

Remote code execution

Note that the developer did not inform the VEL

Notice of resolution: http://www.hikashop.com/index.php?option=com_content&view=article&id=269


JDownloads


unauthorized file upload

vulnerable versions: below 1.9.1.6 (Joomla 2.5) and below 1.9.2.11 (Joomla 3)

security release announcement: http://www.jdownloads.com/index.php?option=com_content&view=article&id=231:urgent-security-update-for-19-series&catid=51:news

Note that the developer did not inform the VEL


[20140901] - Core - XSS Vulnerability


  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 3.2.0 through 3.2.4, 3.3.0 through 3.3.3
  • Exploit type: XSS Vulnerability
  • Reported Date: 2014-August-27
  • Fixed Date: 2014-September-23
  • CVE Number: CVE-2014-6631

Description

Inadequate escaping leads to XSS vulnerability in com_media.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through...


[20140902] - Core - Unauthorised Logins


  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3
  • Exploit type: Unauthorised Logins
  • Reported Date: 2014-September-09
  • Fixed Date: 2014-September-23
  • CVE Number: CVE-2014-6632

Description

Inadequate checking allowed unauthorised logins via LDAP authentication.

Affected Installs

Joomla! CMS...


Spider Contacts 1.3.6 SQLI


Joomla Spider Contacts 1.3.6 SQL Injection
