Joomla! Security

Verschiedenes
Home Security Announcements
Joomla! Security Announcements Drucken E-Mail

Joomla! Security Announcements

Auf dieser Seite können Sie die neuesten Security News von Joomla! lesen.
Der Content dieser Seite wird von Joomla.org zur Verfügung gestellt.

Sie können die Security News von folgender URL abonieren:
http://feeds.joomla.org/JoomlaSecurityNews

Current Feed Content
 
Joomla! Developer Network - Security News
Joomla! - the dynamic portal engine and content management system
  • [20111103] - Core - Password Change
    • Project: Joomla!
    • SubProject: All
    • Severity: High
    • Versions: 1.5.24 and all earlier 1.5 versions
    • Exploit type: Password Change
    • Reported Date: 2011-October-28
    • Fixed Date: 2011-November-14

    Description

    Weak random number generation during password reset leads to possibility of changing a user's password.

    Affected Installs

    Joomla! version 1.5.24 and all earlier 1.5 versions

    Solution

    Upgrade to the latest Joomla! 1.5 version (1.5.25 or later)

    Reported by Gregor Kopf and David Jardin

    Contact

    The JSST at the Joomla! Security Center.

  • [20111101] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: All
    • Severity: Medium
    • Versions: 1.7.2 and all 1.6.x versions
    • Exploit type: XSS
    • Reported Date: 2011-October-21
    • Fixed Date: 2011-November-14

    Description

    Inadequate filtering leads to XSS vulnerability in back end.

    Affected Installs

    Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions

    Solution

    Upgrade to the latest Joomla! version (1.7.3 or later)

    Reported by Corné Hannema

    Contact

    The JSST at the Joomla! Security Center.

  • [20111102] - Core - Password Change
    • Project: Joomla!
    • SubProject: All
    • Severity: High
    • Versions: 1.7.2 and all 1.6.x versions
    • Exploit type: Password Change
    • Reported Date: 2011-October-28
    • Fixed Date: 2011-November-14

    Description

    Weak random number generation during password reset leads to possibility of changing a user's password.

    Affected Installs

    Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions

    Solution

    Upgrade to the latest Joomla! version (1.7.3 or later)

    Reported by Gregor Kopf and David Jardin

    Contact

    The JSST at the Joomla! Security Center.