The Joomla! Community Portal ™

JoomlaConnect

JoomlaConnect - Security English

Recent Posts

plg_highlight_button, 1.5 and previous sqli

plg_highlight_button, 1.5 and previous versions, SQL Injection

Update notice: http://www.jonijnm.es/web/descargas/category/9-highlight-code.html


plg_highlight_content, 1.5 and previous

plg_highlight_content, 1.5 and previous versions, XSS (Cross Site Scripting)

Update notice: http://www.jonijnm.es/web/descargas/category/9-highlight-code.html


[20140302] - Core - XSS Vulnerability

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 3.1.2 through 3.2.2
  • Exploit type: XSS Vulnerability
  • Reported Date: 2014-March-04
  • Fixed Date: 2014-March-06
  • CVE Number: Pending

Description

Inadequate escaping leads to XSS vulnerability in com_contact.

Affected Installs

Joomla! CMS versions 3.1.2 through 3.2.2

Solution

Upgrade to version 3.2.3

Contact

The JSST at the Joomla!...


[20140303] - Core - XSS Vulnerability

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
  • Exploit type: XSS Vulnerability
  • Reported Date: 2014-March-05
  • Fixed Date: 2014-March-06
  • CVE Number: Pending

Description

Inadequate escaping leads to XSS vulnerability.

Affected Installs

Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x...


[20140304] - Core - Unauthorised Logins

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
  • Exploit type: Unauthorised Logins
  • Reported Date: 2014-February-21
  • Fixed Date: 2014-March-06
  • CVE Number: Pending

Description

Inadequate checking allowed unauthorised logins via GMail authentication.

Affected Installs

Joomla! CMS versions 2.5.18 and earlier 2.5.x...


[20140301] - Core - SQL Injection

  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 3.1.0 through 3.2.2
  • Exploit type: SQL Injection
  • Reported Date: 2014-February-06
  • Fixed Date: 2014-March-06
  • CVE Number: Pending

Description

Inadequate escaping leads to SQL injection vulnerability.

Affected Installs

Joomla! CMS versions 3.1.0 through 3.2.2

Solution

Upgrade to version 3.2.3

Contact

The JSST at the Joomla! Security...


ActiveHelper LiveHelp, 3.2.0, sqli

ActiveHelper LiveHelp, 3.2.0, SQL Injection
We already updated the LiveHelp Server to version 3.3.0, which includes a security patch that fixes the reported issue. We also include a few improvements on other units.
 
Update Notice URL
 
http://www.activehelper.com/kunena/7-news-announcements-a-tutorials/11846-livehelp-server-ver-3-3-0-for-joomla-1-5-2-5-3


JJ Shoutbox, 1.2.6,

JJ Shoutbox, 1.2.6, Other
Developer statement
This security issue was for version 1.2.6 of JJ Shoutbox. We fixed this issue last night and released version 1.3.0 http://joomjunk.co.uk/products/module-home/shoutbox.html#changelog


Google Maps plugin for Joomla, pre 3.1 and 2.20,

Google Maps plugin for Joomla, 3.1 and 2.20, XSS (Cross Site Scripting) joomla-base
reumer.net
Developer statement
A SECURITY RELEASE 3.1 of plugin Google Maps by Reumer is released and this must be applied to your Joomla installation. http://tech.reumer.net/Google-Maps/Documentation-of-plugin-Googlemap/security-release-3-1-of-plugin-googlemaps.html
