ICAVOR - Il·lustre Col·legi d'Advocats del Vallès Oriental

Normes Cookies: ICAVOR utilitza cookies amb finalitats funcionals i analítics Més informació
Toggle Bar
Estàs aquí:Home Col·legi Mútues Joomla! Security News

Joomla! Security News

  1. [20190701] - Core - Filter attribute in subform fields allows remote code execution
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.9.7 - 3.9.8
    • Exploit type: Remote Code Execution
    • Reported Date: 2019-June-20
    • Fixed Date: 2019-July-09
    • CVE Number: TBA

    Description

    Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.

    Affected Installs

    Joomla! CMS versions 3.9.7 - 3.9.8

    Solution

    Upgrade to version 3.9.9

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Benjamin Trenkle, JSST
  2. [20190603] - Core - ACL hardening of com_joomlaupdate
    • Project: Joomla!
    • SubProject: CMS
    • Impact:Low
    • Severity: Low
    • Versions: 3.8.13 through 3.9.6
    • Exploit type: Incorrect Access Control
    • Reported Date: 2019-April-10
    • Fixed Date: 2019-June-11
    • CVE Number: CVE-2019-12764

    Description

    The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.

    Affected Installs

    Joomla! CMS versions 3.8.13 through 3.9.6

    Solution

    Upgrade to version 3.9.7

    Contact

    The JSST at the Joomla! Security Centre.

     
  3. [20190602] - Core - XSS in subform field
    • Project: Joomla!
    • SubProject: CMS
    • Impact:Moderate
    • Severity: Low
    • Versions: 3.6.0 through 3.9.6
    • Exploit type: XSS
    • Reported Date: 2019-January-01
    • Fixed Date: 2019-June-11
    • CVE Number: CVE-2019-12766

    Description

    The subform fieldtype does not sufficiently filter or validate input of subfields, this leads to XSS attack vectors.

    Affected Installs

    Joomla! CMS versions 3.6.0 through 3.9.6

    Solution

    Upgrade to version 3.9.7

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Volkmar Schlothauer, ghsvs.de
  4. [20190601] - Core - CSV injection in com_actionlogs
    • Project: Joomla!
    • SubProject: CMS
    • Impact:Low
    • Severity: Low
    • Versions: 3.9.0 through 3.9.6
    • Exploit type: CSV Injection
    • Reported Date: 2019-April-29
    • Fixed Date: 2019-June-11
    • CVE Number: CVE-2019-12765

    Description

    The CSV export of com_actionslogs is vulnerable to CSV injection.

    Affected Installs

    Joomla! CMS versions 3.9.0 through 3.9.6

    Solution

    Upgrade to version 3.9.7

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Jose Antonio Rodriguez Garcia and Phil Keeble (MWR InfoSecurity)
  5. [20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor
    • Project: Joomla!
    • SubProject: CMS
    • Impact:Low
    • Severity: Low
    • Versions: 3.9.3 through 3.9.5
    • Exploit type: Object Injection
    • Reported Date: 2019-March-27
    • Fixed Date: 2019-May-07

    Description

    In Joomla 3.9.3, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the Joomla core. In order to intercept file invocations like file_exists or stat on compromised Phar archives the base name has to be determined and checked before allowing to be handled by PHP Phar stream handling. The used implementation however is vulnerable to path traversal leading to scenarios where the Phar archive to be assessed is not the actual (compromised) file.

    Affected Installs

    Joomla! CMS versions 3.9.3 through 3.9.5

    Solution

    Upgrade to version 3.9.6

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Daniel le Gall, Fix coordinated by Oliver Hader from TYPO3

Continguts destacats

  • Notícies destacades

  • Configuració correu

  • Cloud

  • Accés SIGA

Comunicat sobre JUSTIFICANTS Juliol i Agost 2019. Comunicat sobre JUST... Us comuniquem que aquest mes de juliol, i per ... Llegir més
Comunicat sobre guàrdies de juliol agost i setembre Comunicat sobre guà... Les substitucions o canvis de juliol i del 1 a... Llegir més
Sentència del TS  de 10 de juny de 2019 sobre Nulidad cláusula sòl Sentència del TS d...   Sentència de Tribunal Suprem  de... Llegir més

Configuració correu  Dades de configuració del correu electrònic d'ICAVOR. Accedir-hi

Accés Cloud ICAVOR  Servei Cloud iicavor. Accedir-hi

acces sigaAccediu amb el vostre certificat digital ACA al Col·legi Virtual per tràmitar i consultar les vostres dades del torn d'ofici.

Llegir més

logo transparentnegatiu 150
IL·LUSTRE COL·LEGI D´ADVOCATS GRANOLLERS Partits judicials de Granollers i Mollet del Vallès.
Carrer Llevant núm. 2,  08402 Granollers
Tel. 93 879 26 03 Fax 93 879 14 38 E-mail: Aquesta adreça de correu-e està protegida dels robots de spam.Necessites Javascript habilitat per veure-la. CIF: Q0863004H