Joomla! Developer - Vulnerability News

Not only is Joomla! easy to use, but it is easy to add extra functionality through a flexible and powerful developer framework. The Joomla! Framework allows you to build exceptional extensions for Joomla! including components, modules, plugins, templates and language packs.

[20091103] - Core - Front-End Editor Issue Project: Joomla! SubProject: com_content Severity: Moderate Versions: 1.5.14 and all previous 1.5 releases Exploit type: Front-End Editing Reported Date: 2009-September-05 Fixed Date: 2009-November-03 Description When logged into the front end with Author access, it was possible to replace an article written by another user. Affected Installs All 1.5.x installs prior to and including 1.5.14 are affected. Solution Upgrade to latest Joomla! version (1.5.15 or newer). Reported by Hannes Papenberg Contact The JSST at the Joomla! Security Center. [20091103] - Core - XML File Read Issue Project: Joomla! SubProject: All Severity: Low Versions: 1.5.14 and all previous 1.5 releases Exploit type: Extension Version Disclosure Reported Date: 2009-October-13 Fixed Date: 2009-Nov-03 Description It is possible to read the contents of an extension's XML file and find the version number of the installed extension. This could allow people to exploit a known security flaws for a specific version of an extension. Affected Installs All 1.5.x installs prior to and including 1.5.14 are affected. Solution Turn on Apache mod_rewrite and configure your .htaccess file to filter out XML files. In the htaccess.txt file shipped with version 1.5.15, lines 35-39 contain example code that will deny access to XML files. You can incorporate this code (or similar code) into your .htaccess file. Be sure to test that it does not cause problems on your site. Reported by WHK and Gergő Erdősi Contact The JSST at the Joomla! Security Center. [20090722] - Core - Missing JEXEC Check Project: Joomla! SubProject: Framework Severity: Moderate Versions: 1.5.12 and all previous 1.5 releases Exploit type: Path Disclosure Reported Date: 2009-July-21 Fixed Date: 2009-July-22 Description Some files were missing the check for JEXEC. These scripts will then expose internal path information of the host. Affected Installs All 1.5.x installs prior to and including 1.5.12 are affected. Solution Upgrade to latest Joomla! version (1.5.13 or newer). Reported by Juan Galiana Lara (Internet Security Auditors) Contact The JSST at the Joomla! Security Center.

SecurityFocus Vulnerabilities

SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

Vuln: MediaCoder Remote Buffer Overflow Vulnerability MediaCoder Remote Buffer Overflow Vulnerability Vuln: SAP MaxDB 'serv.exe' Unspecified Remote Code Execution Vulnerability SAP MaxDB 'serv.exe' Unspecified Remote Code Execution Vulnerability Vuln: PHP xmlrpc Extension Multiple Remote Denial of Service Vulnerabilities PHP xmlrpc Extension Multiple Remote Denial of Service Vulnerabilities Vuln: Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability Bugtraq: Sahana 0.6.2.2 Authentication Bypass Sahana 0.6.2.2 Authentication Bypass

(Dân trí)- Ở tuổi bát tuần, sức khoẻ của GS Hoàng Tụy không còn dồi dào nhưng trí tuệ của ông vẫn sáng láng và trái tim ông vẫn ngùn ngụt cháy như thời trai trẻ, đặc biệt là thái độ của một trí thức yêu nước với các vấn đề quốc kế dân sinh và giáo dục.Dưới đây là cuộc trò chuyện của GS Hoàng Tuỵ - n…