Joomla Security Notice :: March 7, 2014

Started by Jason, March 07, 2014, 09:08:29 AM


Jason

Security alert sent today by Joomla:

Quote

Joomla! Security News
[20140301] - Core - SQL Injection
[20140302] - Core - XSS Vulnerability
[20140303] - Core - XSS Vulnerability
[20140304] - Core - Unauthorised Logins

[20140301] - Core - SQL Injection
Posted: 06 Mar 2014 12:30 PM PST
Project: Joomla!
SubProject: CMS
Severity: High
Versions: 3.1.0 through 3.2.2
Exploit type: SQL Injection
Reported Date: 2014-February-06
Fixed Date: 2014-March-06
CVE Number: Pending

Description

Inadequate escaping leads to SQL injection vulnerability.

Affected Installs

Joomla! CMS versions 3.1.0 through 3.2.2

Solution

Upgrade to version 3.2.3

Contact

The JSST at the Joomla! Security Center.
Reported By: ??


[20140302] - Core - XSS Vulnerability
Posted: 06 Mar 2014 12:30 PM PST
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 3.1.2 through 3.2.2
Exploit type: XSS Vulnerability
Reported Date: 2014-March-04
Fixed Date: 2014-March-06
CVE Number: Pending

Description

Inadequate escaping leads to XSS vulnerability in com_contact.

Affected Installs

Joomla! CMS versions 3.1.2 through 3.2.2

Solution

Upgrade to version 3.2.3

Contact

The JSST at the Joomla! Security Center.
Reported By: ??


[20140303] - Core - XSS Vulnerability
Posted: 06 Mar 2014 12:30 PM PST
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Exploit type: XSS Vulnerability
Reported Date: 2014-March-05
Fixed Date: 2014-March-06
CVE Number: Pending

Description

Inadequate escaping leads to XSS vulnerability.

Affected Installs

Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions

Solution

Upgrade to version 2.5.19 or 3.2.3

Contact

The JSST at the Joomla! Security Center.
Reported By: JSST


[20140304] - Core - Unauthorised Logins
Posted: 06 Mar 2014 12:30 PM PST
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Exploit type: Unauthorised Logins
Reported Date: 2014-February-21
Fixed Date: 2014-March-06
CVE Number: Pending

Description

Inadequate checking allowed unauthorised logins via GMail authentication.

Affected Installs

Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions

Solution

Upgrade to version 2.5.19 or 3.2.3

Contact

The JSST at the Joomla! Security Center.
Reported By: Stefania Gaianigo