You are here
Home > Preporuke > Nadogradnja za Joomla! CMS

Nadogradnja za Joomla! CMS

by ncert - 0

Security Centre

///////////////////////////////////////////
[20140904] – Core – Denial of Service

Posted: 30 Sep 2014 12:00 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/xAf88I1Zh_M/596-20140904-core-denial-of-service.html?utm_source=feedburner&utm_medium=email

Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0
through 3.3.4
Exploit type: Denial of Service
Reported Date: 2014-September-24
Fixed Date: 2014-September-30
CVE Number: CVE-2014-7229

Description

Inadequate checking allowed the potential for a denial of service attack.
Affected Installs

Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions,
3.3.0 through 3.3.4
Solution

Upgrade to version 2.5.26, 3.2.6, or 3.3.5
Contact

The JSST at the Joomla! Security Center.
Reported By: Johannes Dahse

///////////////////////////////////////////
[20140903] – Core – Remote File Inclusion

Posted: 30 Sep 2014 12:00 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/Prq6H6SqfxQ/595-20140903-core-remote-file-inclusion.html?utm_source=feedburner&utm_medium=email

Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0
through 3.3.4
Exploit type: Remote File Inclusion
Reported Date: 2014-September-24
Fixed Date: 2014-September-30
CVE Number: CVE-2014-7228

Description

Inadequate checking allowed the potential for remote files to be executed.
Affected Installs

Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions,
3.3.0 through 3.3.4
Solution

Upgrade to version 2.5.26, 3.2.6, or 3.3.5
Additional Details

Please refer to AkeebaBackup.com for additional details.
Contact

The JSST at the Joomla! Security Center.
Reported By: Johannes Dahse

///////////////////////////////////////////
[20140902] – Core – Unauthorised Logins

Posted: 23 Sep 2014 12:00 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/0KkCNuKqbKs/594-20140902-core-unauthorised-logins.html?utm_source=feedburner&utm_medium=email

Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x
versions, 3.3.0 through 3.3.3
Exploit type: Unauthorised Logins
Reported Date: 2014-September-09
Fixed Date: 2014-September-23
CVE Number: CVE-2014-6632

Description

Inadequate checking allowed unauthorised logins via LDAP authentication.
Affected Installs

Joomla! CMS versions 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier
3.x versions, 3.3.0 through 3.3.3
Solution

Upgrade to version 2.5.25, 3.2.5, or 3.3.4
Contact

The JSST at the Joomla! Security Center.
Reported By: Matthew Daley

///////////////////////////////////////////
[20140901] – Core – XSS Vulnerability

Posted: 23 Sep 2014 12:00 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/it1CYBJfXWA/593-20140901-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email

Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 3.2.0 through 3.2.4, 3.3.0 through 3.3.3
Exploit type: XSS Vulnerability
Reported Date: 2014-August-27
Fixed Date: 2014-September-23
CVE Number: CVE-2014-6631

Description

Inadequate escaping leads to XSS vulnerability in com_media.
Affected Installs

Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through 3.3.3
Solution

Upgrade to version 3.2.5 or 3.3.4
Contact

The JSST at the Joomla! Security Center.
Reported By: Dingjie (Daniel) Yang

///////////////////////////////////////////
[20140301] – Core – SQL Injection

Posted: 06 Mar 2014 12:30 PM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/oRsKCmBBzEg/578-20140301-core-sql-injection.html?utm_source=feedburner&utm_medium=email

Project: Joomla!
SubProject: CMS
Severity: High
Versions: 3.1.0 through 3.2.2
Exploit type: SQL Injection
Reported Date: 2014-February-06
Fixed Date: 2014-March-06
CVE Number: Pending

Description

Inadequate escaping leads to SQL injection vulnerability.
Affected Installs

Joomla! CMS versions 3.1.0 through 3.2.2
Solution

Upgrade to version 3.2.3
Contact

The JSST at the Joomla! Security Center.
Reported By: ??

///////////////////////////////////////////
[20140302] – Core – XSS Vulnerability

Posted: 06 Mar 2014 12:30 PM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/mHcKoMgEhfA/579-20140302-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email

Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 3.1.2 through 3.2.2
Exploit type: XSS Vulnerability
Reported Date: 2014-March-04
Fixed Date: 2014-March-06
CVE Number: Pending

Description

Inadequate escaping leads to XSS vulnerability in com_contact.
Affected Installs

Joomla! CMS versions 3.1.2 through 3.2.2
Solution

Upgrade to version 3.2.3
Contact

The JSST at the Joomla! Security Center.
Reported By: ??

///////////////////////////////////////////
[20140303] – Core – XSS Vulnerability

Posted: 06 Mar 2014 12:30 PM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/2v5VQvtBRqs/580-20140303-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email

Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Exploit type: XSS Vulnerability
Reported Date: 2014-March-05
Fixed Date: 2014-March-06
CVE Number: Pending

Description

Inadequate escaping leads to XSS vulnerability.
Affected Installs

Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier
3.x versions
Solution

Upgrade to version 2.5.19 or 3.2.3
Contact

The JSST at the Joomla! Security Center.
Reported By: JSST

///////////////////////////////////////////
[20140304] – Core – Unauthorised Logins

Posted: 06 Mar 2014 12:30 PM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/mQFrPozIj9I/581-20140304-core-unauthorised-logins.html?utm_source=feedburner&utm_medium=email

Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Exploit type: Unauthorised Logins
Reported Date: 2014-February-21
Fixed Date: 2014-March-06
CVE Number: Pending

Description

Inadequate checking allowed unauthorised logins via GMail authentication.
Affected Installs

Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier
3.x versions
Solution

Upgrade to version 2.5.19 or 3.2.3
Contact

The JSST at the Joomla! Security Center.
Reported By: Stefania Gaianigo

///////////////////////////////////////////
[20131103] Core XSS Vulnerability

Posted: 06 Nov 2013 10:47 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/EJmy9rtDKJk/572-core-xss-20131103.html?utm_source=feedburner&utm_medium=email

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-October-26
Fixed Date: 2013-November-06
CVE Number:

Description

Inadequate filtering leads to XSS vulnerability in com_contact.
Affected Installs

Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and
earlier 3.0.x versions.
Solution

Upgrade to version 2.5.16, 3.1.6 or 3.2.
Contact

The JSST at the Joomla! Security Center.
Reported By: Osanda Malith Jayathissa

///////////////////////////////////////////
[20131102] Core XSS Vulnerability

Posted: 06 Nov 2013 10:47 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/AnSVmSKvtjU/571-core-xss-20131102.html?utm_source=feedburner&utm_medium=email

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-October-06
Fixed Date: 2013-November-06
CVE Number:

Description

Inadequate filtering leads to XSS vulnerability in com_contact,
com_weblinks, com_newsfeeds.
Affected Installs

Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and
earlier 3.0.x versions.
Solution

Upgrade to version 2.5.16, 3.1.6 or 3.2.
Contact

The JSST at the Joomla! Security Center.
Reported By: Osanda Malith Jayathissa

///////////////////////////////////////////
[20131101] Core XSS Vulnerability

Posted: 06 Nov 2013 10:47 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/QmY8h07_Mgk/570-core-xss-20131101.html?utm_source=feedburner&utm_medium=email

Project: Joomla!
SubProject: All
Severity: High
Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-October-25
Fixed Date: 2013-November-06
CVE Number:

Description

Inadequate filtering leads to XSS vulnerability in com_contact.
Affected Installs

Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and
earlier 3.0.x versions.
Solution

Upgrade to version 2.5.16, 3.1.6 or 3.2.
Contact

The JSST at the Joomla! Security Center.
Reported By: Osanda Malith Jayathissa


You are subscribed to email updates from “Security Centre.”
To stop receiving these emails, you may unsubscribe now:
https://feedburner.google.com/fb/a/mailunsubscribe?k=klRMcgAuNv0B2qiOWTrkr13c6R0

Email delivery powered by Google.
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United
States

<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html>
<head>
<META http-equiv=”Content-Type” content=”text/html; charset=UTF-8″>
<title>Security Centre</title>
</head>
<body>
<style type=”text/css”>

h1 a:hover {background-color:#888;color:#fff ! important;}

div#emailbody table#itemcontentlist tr td div ul {
list-style-type:square;
padding-left:1em;
}

div#emailbody table#itemcontentlist tr td div blockquote {
padding-left:6px;
border-left: 6px solid #dadada;
margin-left:1em;
}

div#emailbody table#itemcontentlist tr td div li {
margin-bottom:1em;
margin-left:1em;
}

table#itemcontentlist tr td a:link, table#itemcontentlist tr td a:visited, table#itemcontentlist tr td a:active, ul#summarylist li a {
color:#000099;
font-weight:bold;
text-decoration:none;
}

img {border:none;}

</style>
<div xmlns=”http://www.w3.org/1999/xhtml” id=”emailbody” style=”margin:0 2em;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;color:#000000;”>
<table style=”border:0;padding:0;margin:0;width:100%”>
<tr>
<td style=”vertical-align:top” width=”99%”>
<h1 style=”margin:0;padding-bottom:6px;”>
<a style=”color:#888;font-size:22px;font-family:Arial, Helvetica, sans-serif;font-weight:normal;text-decoration:none;” href=”http://developer.joomla.org/security-centre.html” title=”(http://developer.joomla.org/security-centre.html)”>Joomla! Security News</a>
</h1>
</td>
<td width=”1%” />
</tr>
</table>
<hr style=”border:1px solid #ccc;padding:0;margin:0″ />
<ul style=”clear:both;padding:0 0 0 1.2em;width:100%” id=”summarylist”>
<li>
<a href=”#1″>[20140904] – Core – Denial of Service</a>
</li>
<li>
<a href=”#2″>[20140903] – Core – Remote File Inclusion</a>
</li>
<li>
<a href=”#3″>[20140902] – Core – Unauthorised Logins</a>
</li>
<li>
<a href=”#4″>[20140901] – Core – XSS Vulnerability</a>
</li>
<li>
<a href=”#5″>[20140301] – Core – SQL Injection</a>
</li>
<li>
<a href=”#6″>[20140302] – Core – XSS Vulnerability</a>
</li>
<li>
<a href=”#7″>[20140303] – Core – XSS Vulnerability</a>
</li>
<li>
<a href=”#8″>[20140304] – Core – Unauthorised Logins</a>
</li>
<li>
<a href=”#9″>[20131103] Core XSS Vulnerability</a>
</li>
<li>
<a href=”#10″>[20131102] Core XSS Vulnerability</a>
</li>
<li>
<a href=”#11″>[20131101] Core XSS Vulnerability</a>
</li>
</ul>
<table id=”itemcontentlist”>
<tr xmlns=””>
<td style=”margin-bottom:0;line-height:1.4em;”>
<p style=”margin:1em 0 3px 0;”>
<a name=”1″ style=”font-family:Arial, Helvetica, sans-serif;font-size:9px;” href=”http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/xAf88I1Zh_M/596-20140904-core-denial-of-service.html?utm_source=feedburner&utm_medium=email”>[20140904] – Core – Denial of Service</a>
</p>
<p style=”font-size:9px;color:#555;margin:9px 0 3px 0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;”>
<span>Posted:</span> 30 Sep 2014 12:00 PM PDT</p>
<div style=”margin:0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;color:#000000;”><ul>
<li>Project: Joomla!</li>
<li>SubProject: CMS</li>
<li>Severity: <span class=”label label-warning”>Low</span></li>
<li>Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4</li>
<li>Exploit type: Denial of Service</li>
<li>Reported Date: 2014-September-24</li>
<li>Fixed Date: 2014-September-30</li>
<li>CVE Number: <a href=”http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7229″ target=”_blank”>CVE-2014-7229</a></li>
</ul>
<h3>Description</h3>
<p>Inadequate checking allowed the potential for a denial of service attack.</p>
<h3>Affected Installs</h3>
<p>Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4</p>
<h3>Solution</h3>
<p>Upgrade to version 2.5.26, 3.2.6, or 3.3.5</p>
<h3>Contact</h3>
<p>The JSST at the Joomla! Security Center.</p>
<div class=”alert alert-info”><strong>Reported By:</strong> Johannes Dahse</div><div class=”feedflare”>
<a href=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?a=xAf88I1Zh_M:7KiPZvCRrJo:yIl2AUoC8zA”><img src=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA” border=”0″></img></a>
</div><img src=”http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/xAf88I1Zh_M?utm_source=feedburner&utm_medium=email” height=”1″ width=”1″ alt=””/></div>
</td>
</tr>
<tr>
<td style=”margin-bottom:0;line-height:1.4em;”>
<p style=”margin:1em 0 3px 0;”>
<a name=”2″ style=”font-family:Arial, Helvetica, sans-serif;font-size:9px;” href=”http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/Prq6H6SqfxQ/595-20140903-core-remote-file-inclusion.html?utm_source=feedburner&utm_medium=email”>[20140903] – Core – Remote File Inclusion</a>
</p>
<p style=”font-size:9px;color:#555;margin:9px 0 3px 0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;”>
<span>Posted:</span> 30 Sep 2014 12:00 PM PDT</p>
<div style=”margin:0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;color:#000000;”><ul>
<li>Project: Joomla!</li>
<li>SubProject: CMS</li>
<li>Severity: <span class=”label label-warning”>Moderate</span></li>
<li>Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4</li>
<li>Exploit type: Remote File Inclusion</li>
<li>Reported Date: 2014-September-24</li>
<li>Fixed Date: 2014-September-30</li>
<li>CVE Number: <a href=”http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7228″ target=”_blank”>CVE-2014-7228</a></li>
</ul>
<h3>Description</h3>
<p>Inadequate checking allowed the potential for remote files to be executed.</p>
<h3>Affected Installs</h3>
<p>Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4</p>
<h3>Solution</h3>
<p>Upgrade to version 2.5.26, 3.2.6, or 3.3.5</p>
<h3>Additional Details</h3>
<p>Please refer to <a href=”https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html” target=”_blank”>AkeebaBackup.com</a> for additional details.</p>
<h3>Contact</h3>
<p>The JSST at the Joomla! Security Center.</p>
<div class=”alert alert-info”><strong>Reported By:</strong> Johannes Dahse</div><div class=”feedflare”>
<a href=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?a=Prq6H6SqfxQ:CXWpLF6ggFU:yIl2AUoC8zA”><img src=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA” border=”0″></img></a>
</div><img src=”http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/Prq6H6SqfxQ?utm_source=feedburner&utm_medium=email” height=”1″ width=”1″ alt=””/></div>
</td>
</tr>
<tr>
<td style=”margin-bottom:0;line-height:1.4em;”>
<p style=”margin:1em 0 3px 0;”>
<a name=”3″ style=”font-family:Arial, Helvetica, sans-serif;font-size:9px;” href=”http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/0KkCNuKqbKs/594-20140902-core-unauthorised-logins.html?utm_source=feedburner&utm_medium=email”>[20140902] – Core – Unauthorised Logins</a>
</p>
<p style=”font-size:9px;color:#555;margin:9px 0 3px 0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;”>
<span>Posted:</span> 23 Sep 2014 12:00 PM PDT</p>
<div style=”margin:0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;color:#000000;”><ul>
<li>Project: Joomla!</li>
<li>SubProject: CMS</li>
<li>Severity: <span class=”label label-warning”>Moderate</span></li>
<li>Versions: 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3</li>
<li>Exploit type: Unauthorised Logins</li>
<li>Reported Date: 2014-September-09</li>
<li>Fixed Date: 2014-September-23</li>
<li>CVE Number: <a href=”http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6632″ target=”_blank”>CVE-2014-6632</a></li>
</ul>
<h3>Description</h3>
<p>Inadequate checking allowed unauthorised logins via LDAP authentication.</p>
<h3>Affected Installs</h3>
<p>Joomla! CMS versions 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3</p>
<h3>Solution</h3>
<p>Upgrade to version 2.5.25, 3.2.5, or 3.3.4</p>
<h3>Contact</h3>
<p>The JSST at the Joomla! Security Center.</p>
<div class=”alert alert-info”><strong>Reported By:</strong> Matthew Daley</div><div class=”feedflare”>
<a href=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?a=0KkCNuKqbKs:89OZao2VSMg:yIl2AUoC8zA”><img src=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA” border=”0″></img></a>
</div><img src=”http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/0KkCNuKqbKs?utm_source=feedburner&utm_medium=email” height=”1″ width=”1″ alt=””/></div>
</td>
</tr>
<tr>
<td style=”margin-bottom:0;line-height:1.4em;”>
<p style=”margin:1em 0 3px 0;”>
<a name=”4″ style=”font-family:Arial, Helvetica, sans-serif;font-size:9px;” href=”http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/it1CYBJfXWA/593-20140901-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email”>[20140901] – Core – XSS Vulnerability</a>
</p>
<p style=”font-size:9px;color:#555;margin:9px 0 3px 0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;”>
<span>Posted:</span> 23 Sep 2014 12:00 PM PDT</p>
<div style=”margin:0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;color:#000000;”><ul>
<li>Project: Joomla!</li>
<li>SubProject: CMS</li>
<li>Severity: <span class=”label label-warning”>Moderate</span></li>
<li>Versions: 3.2.0 through 3.2.4, 3.3.0 through 3.3.3</li>
<li>Exploit type: XSS Vulnerability</li>
<li>Reported Date: 2014-August-27</li>
<li>Fixed Date: 2014-September-23</li>
<li>CVE Number: <a href=”http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6631″ target=”_blank”>CVE-2014-6631</a></li>
</ul>
<h3>Description</h3>
<p>Inadequate escaping leads to XSS vulnerability in com_media.</p>
<h3>Affected Installs</h3>
<p>Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through 3.3.3</p>
<h3>Solution</h3>
<p>Upgrade to version 3.2.5 or 3.3.4</p>
<h3>Contact</h3>
<p>The JSST at the Joomla! Security Center.</p>
<div class=”alert alert-info”><strong>Reported By:</strong> Dingjie (Daniel) Yang</div><div class=”feedflare”>
<a href=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?a=it1CYBJfXWA:E2Kxi4UQqIA:yIl2AUoC8zA”><img src=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA” border=”0″></img></a>
</div><img src=”http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/it1CYBJfXWA?utm_source=feedburner&utm_medium=email” height=”1″ width=”1″ alt=””/></div>
</td>
</tr>
<tr>
<td style=”margin-bottom:0;line-height:1.4em;”>
<p style=”margin:1em 0 3px 0;”>
<a name=”5″ style=”font-family:Arial, Helvetica, sans-serif;font-size:9px;” href=”http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/oRsKCmBBzEg/578-20140301-core-sql-injection.html?utm_source=feedburner&utm_medium=email”>[20140301] – Core – SQL Injection</a>
</p>
<p style=”font-size:9px;color:#555;margin:9px 0 3px 0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;”>
<span>Posted:</span> 06 Mar 2014 12:30 PM PST</p>
<div style=”margin:0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;color:#000000;”><ul>
<li>Project: Joomla!</li>
<li>SubProject: CMS</li>
<li>Severity: <span class=”label label-important”>High</span></li>
<li>Versions: 3.1.0 through 3.2.2</li>
<li>Exploit type: SQL Injection</li>
<li>Reported Date: 2014-February-06</li>
<li>Fixed Date: 2014-March-06</li>
<li>CVE Number: Pending</li>
</ul>
<h3>Description</h3>
<p>Inadequate escaping leads to SQL injection vulnerability.</p>
<h3>Affected Installs</h3>
<p>Joomla! CMS versions 3.1.0 through 3.2.2</p>
<h3>Solution</h3>
<p>Upgrade to version 3.2.3</p>
<h3>Contact</h3>
<p>The JSST at the Joomla! Security Center.</p>
<div class=”alert alert-info”><strong>Reported By:</strong> ??</div><div class=”feedflare”>
<a href=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?a=oRsKCmBBzEg:BpA7JiYPwCU:yIl2AUoC8zA”><img src=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA” border=”0″></img></a>
</div><img src=”http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/oRsKCmBBzEg?utm_source=feedburner&utm_medium=email” height=”1″ width=”1″ alt=””/></div>
</td>
</tr>
<tr>
<td style=”margin-bottom:0;line-height:1.4em;”>
<p style=”margin:1em 0 3px 0;”>
<a name=”6″ style=”font-family:Arial, Helvetica, sans-serif;font-size:9px;” href=”http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/mHcKoMgEhfA/579-20140302-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email”>[20140302] – Core – XSS Vulnerability</a>
</p>
<p style=”font-size:9px;color:#555;margin:9px 0 3px 0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;”>
<span>Posted:</span> 06 Mar 2014 12:30 PM PST</p>
<div style=”margin:0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;color:#000000;”><ul>
<li>Project: Joomla!</li>
<li>SubProject: CMS</li>
<li>Severity: <span class=”label label-warning”>Moderate</span></li>
<li>Versions: 3.1.2 through 3.2.2</li>
<li>Exploit type: XSS Vulnerability</li>
<li>Reported Date: 2014-March-04</li>
<li>Fixed Date: 2014-March-06</li>
<li>CVE Number: Pending</li>
</ul>
<h3>Description</h3>
<p>Inadequate escaping leads to XSS vulnerability in com_contact.</p>
<h3>Affected Installs</h3>
<p>Joomla! CMS versions 3.1.2 through 3.2.2</p>
<h3>Solution</h3>
<p>Upgrade to version 3.2.3</p>
<h3>Contact</h3>
<p>The JSST at the Joomla! Security Center.</p>
<div class=”alert alert-info”><strong>Reported By:</strong> ??</div><div class=”feedflare”>
<a href=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?a=mHcKoMgEhfA:4iup6HUOZng:yIl2AUoC8zA”><img src=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA” border=”0″></img></a>
</div><img src=”http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/mHcKoMgEhfA?utm_source=feedburner&utm_medium=email” height=”1″ width=”1″ alt=””/></div>
</td>
</tr>
<tr>
<td style=”margin-bottom:0;line-height:1.4em;”>
<p style=”margin:1em 0 3px 0;”>
<a name=”7″ style=”font-family:Arial, Helvetica, sans-serif;font-size:9px;” href=”http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/2v5VQvtBRqs/580-20140303-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email”>[20140303] – Core – XSS Vulnerability</a>
</p>
<p style=”font-size:9px;color:#555;margin:9px 0 3px 0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;”>
<span>Posted:</span> 06 Mar 2014 12:30 PM PST</p>
<div style=”margin:0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;color:#000000;”><ul>
<li>Project: Joomla!</li>
<li>SubProject: CMS</li>
<li>Severity: <span class=”label label-warning”>Moderate</span></li>
<li>Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions</li>
<li>Exploit type: XSS Vulnerability</li>
<li>Reported Date: 2014-March-05</li>
<li>Fixed Date: 2014-March-06</li>
<li>CVE Number: Pending</li>
</ul>
<h3>Description</h3>
<p>Inadequate escaping leads to XSS vulnerability.</p>
<h3>Affected Installs</h3>
<p>Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions</p>
<h3>Solution</h3>
<p>Upgrade to version 2.5.19 or 3.2.3</p>
<h3>Contact</h3>
<p>The JSST at the Joomla! Security Center.</p>
<div class=”alert alert-info”><strong>Reported By:</strong> JSST</div><div class=”feedflare”>
<a href=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?a=2v5VQvtBRqs:HXEdWqJlA3M:yIl2AUoC8zA”><img src=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA” border=”0″></img></a>
</div><img src=”http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/2v5VQvtBRqs?utm_source=feedburner&utm_medium=email” height=”1″ width=”1″ alt=””/></div>
</td>
</tr>
<tr>
<td style=”margin-bottom:0;line-height:1.4em;”>
<p style=”margin:1em 0 3px 0;”>
<a name=”8″ style=”font-family:Arial, Helvetica, sans-serif;font-size:9px;” href=”http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/mQFrPozIj9I/581-20140304-core-unauthorised-logins.html?utm_source=feedburner&utm_medium=email”>[20140304] – Core – Unauthorised Logins</a>
</p>
<p style=”font-size:9px;color:#555;margin:9px 0 3px 0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;”>
<span>Posted:</span> 06 Mar 2014 12:30 PM PST</p>
<div style=”margin:0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;color:#000000;”><ul>
<li>Project: Joomla!</li>
<li>SubProject: CMS</li>
<li>Severity: <span class=”label label-warning”>Moderate</span></li>
<li>Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions</li>
<li>Exploit type: Unauthorised Logins</li>
<li>Reported Date: 2014-February-21</li>
<li>Fixed Date: 2014-March-06</li>
<li>CVE Number: Pending</li>
</ul>
<h3>Description</h3>
<p>Inadequate checking allowed unauthorised logins via GMail authentication.</p>
<h3>Affected Installs</h3>
<p>Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions</p>
<h3>Solution</h3>
<p>Upgrade to version 2.5.19 or 3.2.3</p>
<h3>Contact</h3>
<p>The JSST at the Joomla! Security Center.</p>
<div class=”alert alert-info”><strong>Reported By:</strong> Stefania Gaianigo</div><div class=”feedflare”>
<a href=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?a=mQFrPozIj9I:256Om37X0lo:yIl2AUoC8zA”><img src=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA” border=”0″></img></a>
</div><img src=”http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/mQFrPozIj9I?utm_source=feedburner&utm_medium=email” height=”1″ width=”1″ alt=””/></div>
</td>
</tr>
<tr>
<td style=”margin-bottom:0;line-height:1.4em;”>
<p style=”margin:1em 0 3px 0;”>
<a name=”9″ style=”font-family:Arial, Helvetica, sans-serif;font-size:9px;” href=”http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/EJmy9rtDKJk/572-core-xss-20131103.html?utm_source=feedburner&utm_medium=email”>[20131103] Core XSS Vulnerability</a>
</p>
<p style=”font-size:9px;color:#555;margin:9px 0 3px 0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;”>
<span>Posted:</span> 06 Nov 2013 10:47 AM PST</p>
<div style=”margin:0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;color:#000000;”><ul>
<li>Project: Joomla!</li>
<li>SubProject: All</li>
<li>Severity: <span class=”label label-warning”>Moderate</span></li>
<li>Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.</li>
<li>Exploit type: XSS Vulnerability</li>
<li>Reported Date: 2013-October-26</li>
<li>Fixed Date: 2013-November-06</li>
<li>CVE Number:</li>
</ul>
<h3>Description</h3>
<p>Inadequate filtering leads to XSS vulnerability in com_contact.</p>
<h3>Affected Installs</h3>
<p>Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.</p>
<h3>Solution</h3>
<p>Upgrade to version 2.5.16, 3.1.6 or 3.2.</p>
<h3>Contact</h3>
<p>The JSST at the Joomla! Security Center.</p>
<div class=”alert alert-info”><strong>Reported By:</strong> Osanda Malith Jayathissa</div><div class=”feedflare”>
<a href=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?a=EJmy9rtDKJk:ACaII92QBFM:yIl2AUoC8zA”><img src=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA” border=”0″></img></a>
</div><img src=”http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/EJmy9rtDKJk?utm_source=feedburner&utm_medium=email” height=”1″ width=”1″ alt=””/></div>
</td>
</tr>
<tr>
<td style=”margin-bottom:0;line-height:1.4em;”>
<p style=”margin:1em 0 3px 0;”>
<a name=”10″ style=”font-family:Arial, Helvetica, sans-serif;font-size:9px;” href=”http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/AnSVmSKvtjU/571-core-xss-20131102.html?utm_source=feedburner&utm_medium=email”>[20131102] Core XSS Vulnerability</a>
</p>
<p style=”font-size:9px;color:#555;margin:9px 0 3px 0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;”>
<span>Posted:</span> 06 Nov 2013 10:47 AM PST</p>
<div style=”margin:0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;color:#000000;”><ul>
<li>Project: Joomla!</li>
<li>SubProject: All</li>
<li>Severity: <span class=”label label-warning”>Moderate</span></li>
<li>Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.</li>
<li>Exploit type: XSS Vulnerability</li>
<li>Reported Date: 2013-October-06</li>
<li>Fixed Date: 2013-November-06</li>
<li>CVE Number:</li>
</ul>
<h3>Description</h3>
<p>Inadequate filtering leads to XSS vulnerability in com_contact, com_weblinks, com_newsfeeds.</p>
<h3>Affected Installs</h3>
<p>Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.</p>
<h3>Solution</h3>
<p>Upgrade to version 2.5.16, 3.1.6 or 3.2.</p>
<h3>Contact</h3>
<p>The JSST at the Joomla! Security Center.</p>
<div class=”alert alert-info”><strong>Reported By:</strong> <span style=”line-height: 1.3em;”>Osanda Malith Jayathissa</span></div><div class=”feedflare”>
<a href=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?a=AnSVmSKvtjU:recwIPc-jYQ:yIl2AUoC8zA”><img src=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA” border=”0″></img></a>
</div><img src=”http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/AnSVmSKvtjU?utm_source=feedburner&utm_medium=email” height=”1″ width=”1″ alt=””/></div>
</td>
</tr>
<tr>
<td style=”margin-bottom:0;line-height:1.4em;”>
<p style=”margin:1em 0 3px 0;”>
<a name=”11″ style=”font-family:Arial, Helvetica, sans-serif;font-size:9px;” href=”http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/QmY8h07_Mgk/570-core-xss-20131101.html?utm_source=feedburner&utm_medium=email”>[20131101] Core XSS Vulnerability</a>
</p>
<p style=”font-size:9px;color:#555;margin:9px 0 3px 0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;”>
<span>Posted:</span> 06 Nov 2013 10:47 AM PST</p>
<div style=”margin:0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;color:#000000;”><ul>
<li>Project: Joomla!</li>
<li>SubProject: All</li>
<li>Severity: <span class=”label label-warning”>High</span></li>
<li>Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.</li>
<li>Exploit type: XSS Vulnerability</li>
<li>Reported Date: 2013-October-25</li>
<li>Fixed Date: 2013-November-06</li>
<li>CVE Number:</li>
</ul>
<h3>Description</h3>
<p>Inadequate filtering leads to XSS vulnerability in com_contact.</p>
<h3>Affected Installs</h3>
<p>Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.</p>
<h3>Solution</h3>
<p>Upgrade to version 2.5.16, 3.1.6 or 3.2.</p>
<h3>Contact</h3>
<p>The JSST at the Joomla! Security Center.</p>
<div class=”alert alert-info”><strong>Reported By:</strong> <span style=”line-height: 1.3em;”>Osanda Malith Jayathissa</span></div><div class=”feedflare”>
<a href=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?a=QmY8h07_Mgk:3hjPCmUrAYw:yIl2AUoC8zA”><img src=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA” border=”0″></img></a>
</div><img src=”http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/QmY8h07_Mgk?utm_source=feedburner&utm_medium=email” height=”1″ width=”1″ alt=””/></div>
</td>
</tr>
</table>
<table style=”border-top:1px solid #999;padding-top:4px;margin-top:1.5em;width:100%” id=”footer”>
<tr>
<td style=”text-align:left;font-family:Helvetica,Arial,Sans-Serif;font-size:11px;margin:0 6px 1.2em 0;color:#333;”>You are subscribed to email updates from <a href=”http://developer.joomla.org/security-centre.html”>Security Centre</a>
<br />To stop receiving these emails, you may <a href=”https://feedburner.google.com/fb/a/mailunsubscribe?k=klRMcgAuNv0B2qiOWTrkr13c6R0″>unsubscribe now</a>.</td>
<td style=”font-family:Helvetica,Arial,Sans-Serif;font-size:11px;margin:0 6px 1.2em 0;color:#333;text-align:right;vertical-align:top”>Email delivery powered by Google</td>
</tr>
<tr>
<td colspan=”2″ style=”text-align:left;font-family:Helvetica,Arial,Sans-Serif;font-size:11px;margin:0 6px 1.2em 0;color:#333;”>Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States</td>
</tr>
</table>
</div>
</body>
</html>
7e

ncert
Top
More in Preporuke
Nadogradnja za OS X Server

Apple je izdao nadogradnju za OS X Server koja otklanja četiri ranjivosti u komponentama Dovecot, Firewall, Postfix i Wiki Server....

Close