Security Centre
///////////////////////////////////////////
[20140904] – Core – Denial of Service
Posted: 30 Sep 2014 12:00 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/xAf88I1Zh_M/596-20140904-core-denial-of-service.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Exploit type: Denial of Service
Reported Date: 2014-September-24
Fixed Date: 2014-September-30
CVE Number: CVE-2014-7229
Description
Inadequate checking allowed the potential for a denial of service attack.
Affected Installs
Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Solution
Upgrade to version 2.5.26, 3.2.6, or 3.3.5
Contact
The JSST at the Joomla! Security Center.
Reported By: Johannes Dahse
///////////////////////////////////////////
[20140903] – Core – Remote File Inclusion
Posted: 30 Sep 2014 12:00 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/Prq6H6SqfxQ/595-20140903-core-remote-file-inclusion.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Exploit type: Remote File Inclusion
Reported Date: 2014-September-24
Fixed Date: 2014-September-30
CVE Number: CVE-2014-7228
Description
Inadequate checking allowed the potential for remote files to be executed.
Affected Installs
Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Solution
Upgrade to version 2.5.26, 3.2.6, or 3.3.5
Additional Details
Please refer to AkeebaBackup.com for additional details.
Contact
The JSST at the Joomla! Security Center.
Reported By: Johannes Dahse
///////////////////////////////////////////
[20140902] – Core – Unauthorised Logins
Posted: 23 Sep 2014 12:00 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/0KkCNuKqbKs/594-20140902-core-unauthorised-logins.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3
Exploit type: Unauthorised Logins
Reported Date: 2014-September-09
Fixed Date: 2014-September-23
CVE Number: CVE-2014-6632
Description
Inadequate checking allowed unauthorised logins via LDAP authentication.
Affected Installs
Joomla! CMS versions 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3
Solution
Upgrade to version 2.5.25, 3.2.5, or 3.3.4
Contact
The JSST at the Joomla! Security Center.
Reported By: Matthew Daley
///////////////////////////////////////////
[20140901] – Core – XSS Vulnerability
Posted: 23 Sep 2014 12:00 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/it1CYBJfXWA/593-20140901-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 3.2.0 through 3.2.4, 3.3.0 through 3.3.3
Exploit type: XSS Vulnerability
Reported Date: 2014-August-27
Fixed Date: 2014-September-23
CVE Number: CVE-2014-6631
Description
Inadequate escaping leads to XSS vulnerability in com_media.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through 3.3.3
Solution
Upgrade to version 3.2.5 or 3.3.4
Contact
The JSST at the Joomla! Security Center.
Reported By: Dingjie (Daniel) Yang
///////////////////////////////////////////
[20140301] – Core – SQL Injection
Posted: 06 Mar 2014 12:30 PM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/oRsKCmBBzEg/578-20140301-core-sql-injection.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: High
Versions: 3.1.0 through 3.2.2
Exploit type: SQL Injection
Reported Date: 2014-February-06
Fixed Date: 2014-March-06
CVE Number: Pending
Description
Inadequate escaping leads to SQL injection vulnerability.
Affected Installs
Joomla! CMS versions 3.1.0 through 3.2.2
Solution
Upgrade to version 3.2.3
Contact
The JSST at the Joomla! Security Center.
Reported By: ??
///////////////////////////////////////////
[20140302] – Core – XSS Vulnerability
Posted: 06 Mar 2014 12:30 PM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/mHcKoMgEhfA/579-20140302-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 3.1.2 through 3.2.2
Exploit type: XSS Vulnerability
Reported Date: 2014-March-04
Fixed Date: 2014-March-06
CVE Number: Pending
Description
Inadequate escaping leads to XSS vulnerability in com_contact.
Affected Installs
Joomla! CMS versions 3.1.2 through 3.2.2
Solution
Upgrade to version 3.2.3
Contact
The JSST at the Joomla! Security Center.
Reported By: ??
///////////////////////////////////////////
[20140303] – Core – XSS Vulnerability
Posted: 06 Mar 2014 12:30 PM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/2v5VQvtBRqs/580-20140303-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Exploit type: XSS Vulnerability
Reported Date: 2014-March-05
Fixed Date: 2014-March-06
CVE Number: Pending
Description
Inadequate escaping leads to XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Solution
Upgrade to version 2.5.19 or 3.2.3
Contact
The JSST at the Joomla! Security Center.
Reported By: JSST
///////////////////////////////////////////
[20140304] – Core – Unauthorised Logins
Posted: 06 Mar 2014 12:30 PM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/mQFrPozIj9I/581-20140304-core-unauthorised-logins.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Exploit type: Unauthorised Logins
Reported Date: 2014-February-21
Fixed Date: 2014-March-06
CVE Number: Pending
Description
Inadequate checking allowed unauthorised logins via GMail authentication.
Affected Installs
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Solution
Upgrade to version 2.5.19 or 3.2.3
Contact
The JSST at the Joomla! Security Center.
Reported By: Stefania Gaianigo
///////////////////////////////////////////
[20131103] Core XSS Vulnerability
Posted: 06 Nov 2013 10:47 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/EJmy9rtDKJk/572-core-xss-20131103.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-October-26
Fixed Date: 2013-November-06
CVE Number:
Description
Inadequate filtering leads to XSS vulnerability in com_contact.
Affected Installs
Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.16, 3.1.6 or 3.2.
Contact
The JSST at the Joomla! Security Center.
Reported By: Osanda Malith Jayathissa
///////////////////////////////////////////
[20131102] Core XSS Vulnerability
Posted: 06 Nov 2013 10:47 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/AnSVmSKvtjU/571-core-xss-20131102.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-October-06
Fixed Date: 2013-November-06
CVE Number:
Description
Inadequate filtering leads to XSS vulnerability in com_contact, com_weblinks, com_newsfeeds.
Affected Installs
Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.16, 3.1.6 or 3.2.
Contact
The JSST at the Joomla! Security Center.
Reported By: Osanda Malith Jayathissa
///////////////////////////////////////////
[20131101] Core XSS Vulnerability
Posted: 06 Nov 2013 10:47 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/QmY8h07_Mgk/570-core-xss-20131101.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: All
Severity: High
Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-October-25
Fixed Date: 2013-November-06
CVE Number:
Description
Inadequate filtering leads to XSS vulnerability in com_contact.
Affected Installs
Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.16, 3.1.6 or 3.2.
Contact
The JSST at the Joomla! Security Center.
Reported By: Osanda Malith Jayathissa