7 Nov

Latest Joomla Vulnerability News

Author: admin Filed under: headline No Responses

Joomla! Security News

[20091103] – Core – Front-End Editor Issue

Posted: 03 Nov 2009 08:31 AM PST

* Project: Joomla!
* SubProject: com_content
* Severity: Moderate
* Versions: 1.5.14 and all previous 1.5 releases
* Exploit type: Front-End Editing
* Reported Date: 2009-September-05
* Fixed Date: 2009-November-03

Description

When logged into the front end with Author access, it was possible to replace an article written by another user.
Affected Installs

All 1.5.x installs prior to and including 1.5.14 are affected.
Solution

Upgrade to latest Joomla! version (1.5.15 or newer).

Reported by Hannes Papenberg
Contact

The JSST at the Joomla! Security Center.

[20091103] – Core – XML File Read Issue

Posted: 01 Nov 2009 05:03 PM PST

* Project: Joomla!
* SubProject: All
* Severity: Low
* Versions: 1.5.14 and all previous 1.5 releases
* Exploit type: Extension Version Disclosure
* Reported Date: 2009-October-13
* Fixed Date: 2009-Nov-03

Description

It is possible to read the contents of an extension’s XML file and find the version number of the installed extension. This could allow people to exploit a known security flaws for a specific version of an extension.
Affected Installs

All 1.5.x installs prior to and including 1.5.14 are affected.
Solution

Turn on Apache mod_rewrite and configure your .htaccess file to filter out XML files. In the htaccess.txt file shipped with version 1.5.15, lines 35-39 contain example code that will deny access to XML files. You can incorporate this code (or similar code) into your .htaccess file. Be sure to test that it does not cause problems on your site.

Reported by WHK and Gergő Erdősi
Contact

http://developer.joomla.org/security.html

The JSST at the Joomla! Security Center.

Popularity: 1% [?]

If you enjoyed this post, make sure you subscribe to my RSS feed!

Related posts:

  1. Joomla Template XSS vulnerability
  2. Google Removed My Website (Google Search Quality)
  3. sh404SEF 404 Component Not found Solved
  4. Joomla Seo Plugin – Integrate All Joomla Pages With Keywords
  5. WWW and Non-WWW Pagerank difference For same url
  6. How to remove /component/content/article Joomla URls
  7. Google Updates Latest News Results
  8. Latest Wordpress 2.7 Template
  9. Iphone How To Hack – Safer Than Before
  10. Unable to create directory – Is its parent directory writable by the server?
  11. How to automatically fix URL spelling mistakes
  12. Code Which Hacked Google
  13. Free Latest Wordpress Themes
  14. How To Remove Time/Date Stamp From Blogspot & Wordpress
  15. Safest Browser – World’s safest Browser Mystery Continues
  16. How to remove category base from permalinks.
  17. Revenue drop in admob earning after google acquiring news
  18. Submit 50000 urls To search engines
  19. Best adsense module (Plugins) for joomla
  20. World’s First Hack-Proof Processor And Operating System From China
  21. emails latest
  22. How to Remove Malicious Footer Links Code In Wordpress
  23. How to Add New Sidebar To Wordpress

Written on November 7 2009 and is filed under headline. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
«
»

Leave a Reply