Posts Tagged ‘security updates’

Joomla Security Alert: Core – Negative Values for Limit and Offset

April 24th, 2010 | Author: Lahle Wolfe

Core – Negative Values for Limit and Offset
Posted: 23 Apr 2010 10:31 AM PDT

  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 1.5.15 and all previous 1.5 releases
  • Exploit type: information Disclosure
  • Reported Date: 2010-Feb-21
  • Fixed Date: 2010-Apr-23

Description: If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system.

Affected Installs: All 1.5.x installs prior to and including 1.5.15 are affected.

Solution: Upgrade to the latest Joomla! version (1.5.16 or later)

Joomla! Security Center

Share
Posted in Technology|Security Updates | Tags: | Comments Closed

Joomla Security Update: Core – Installer Migration Script

April 24th, 2010 | Author: Lahle Wolfe

Core – Installer Migration Script
Posted: 23 Apr 2010 10:27 AM PDT

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 1.5.15 and all previous 1.5 releases
  • Exploit type: Code upload
  • Reported Date: 2009-Dec-30
  • Fixed Date: 2010-Apr-23

Description: The migration script in the Joomla! installer does not check the file type being uploaded. If the installation application is present, an attacker could use it to upload malicious files to a server.

Affected Installs: All 1.5.x installs prior to and including 1.5.15 are affected.

Solution: Upgrade to the latest Joomla! version (1.5.16 or later)

Joomla Security Center

Share
Posted in Technology|Security Updates | Tags: , | Comments Closed

Joomla Security Update: Core – Sessation Fixation

April 24th, 2010 | Author: Lahle Wolfe

Joomla Security Update: Core – Sessation Fixation
Posted: 23 Apr 2010 10:22 AM PDT

  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 1.5.15 and all previous 1.5 releases
  • Exploit type: Session fixation
  • Reported Date: 2010-Mar-25
  • Fixed Date: 2010-Apr-23

Description: Session id doesn’t get modified when user logs in.  A remote site may be able to forward a visitor to the Joomla! site and set a specific cookie.  If the user then logs in, the remote site can use that cookie to authenticate as that user.

Affected Installs: All 1.5.x installs prior to and including 1.5.15 are affected.

Solution: Upgrade to the latest Joomla! version (1.5.16 or later)

Joomla Security Center

Share
Posted in Technology|Security Updates | Tags: , | 1 Comment »

Joomla security update – Core – Password Reset Tokens

April 24th, 2010 | Author: Lahle Wolfe

If your site is built in Joomla, be sure to pass this important Joomla security alert along to your IT guru.

[20100423] – Core – Password Reset Tokens

Posted: 22 Apr 2010 05:00 PM PDT

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 1.5.15 and all previous 1.5 releases
  • Exploit type: Unauthorized Access
  • Reported Date: 2010-Jan-07
  • Fixed Date: 2010-Apr-23

Description: When a user requests a password reset, the reset tokens were stored in plain text in the database. While this is not a vulnerability in itself, it allows user accounts to be compromised if there is an extension on the site with an SQL injection vulnerability.

Affected Installs: All 1.5.x installs prior to and including 1.5.15 are affected.

Solution: Upgrade to the latest Joomla! version (1.5.16 or later)

More Information: Joomla! Security Center.

Share
Posted in Technology|Security Updates | Tags: , | Comments Closed
LAWolfe Web Marketing

Promote Your Page Too
Must Read Attorney Marketing

Read My Book Review

Archives

Contact Us | Privacy / Disclaimer | About Us
Copyright © 2011 LA Wolfe Web Marketing Services. All Rights Reserved.

Designed by LA Wolfe Web Marketing Services.