Security

CMS Security

CMS Security (2)

For the sake of timeliness, most of these news items are in English.

  • [20190601] - Core - CSV injection in com_actionlogs

    Security Announcements Jun 11, 2019 | 02:00 am

    Project: Joomla!
    SubProject: CMS
    Impact: Low
    Severity: Low
    Versions: 3.9.0 through 3.9.6
    Exploit type: CSV Injection
    Reported Date: 2019-April-29
    Fixed Date: 2019-June-11
    CVE Number: CVE-2019-12765
    Description: The CSV export of com_actionlogs is vulnerable to CSV injection.
    Affected Installs: Joomla! CMS versions 3.9.0 through 3.9.6
    Solution: Upgrade to version 3.9.7
    Contact: The JSST at the Joomla! Security[…]

  • [20190602] - Core - XSS in subform field

    Security Announcements Jun 11, 2019 | 02:00 am

    Project: Joomla!
    SubProject: CMS
    Impact: Moderate
    Severity: Low
    Versions: 3.6.0 through 3.9.6
    Exploit type: XSS
    Reported Date: 2019-January-01
    Fixed Date: 2019-June-11
    CVE Number: CVE-2019-12766
    Description: The subform fieldtype does not sufficiently filter or validate input of subfields; this leads to XSS attack vectors.
    Affected Installs: Joomla! CMS versions 3.6.0 through 3.9.6
    Solution: Upgrade to[…]

  • [20190603] - Core - ACL hardening of com_joomlaupdate

    Security Announcements Jun 11, 2019 | 02:00 am

    Project: Joomla!
    SubProject: CMS
    Impact: Low
    Severity: Low
    Versions: 3.8.13 through 3.9.6
    Exploit type: Incorrect Access Control
    Reported Date: 2019-April-10
    Fixed Date: 2019-June-11
    CVE Number: CVE-2019-12764
    Description: The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.
    Affected Installs: Joomla! CMS versions 3.8.13 through 3.9.6
    Solution: Upgrade to version 3.9.7
    Contact: The JSST[…]

  • [20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor

    Security Announcements May 8, 2019 | 02:00 am

    Project: Joomla!
    SubProject: CMS
    Impact: Low
    Severity: Low
    Versions: 3.9.3 through 3.9.5
    Exploit type: Object Injection
    Reported Date: 2019-March-27
    Fixed Date: 2019-May-07
    Description: In Joomla 3.9.3, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the Joomla core. In order[…]

  • [20190501] - Core - XSS in com_users ACL debug views

    Security Announcements May 7, 2019 | 17:00 pm

    Project: Joomla!
    SubProject: CMS
    Impact: Moderate
    Severity: Low
    Versions: 1.7.0 through 3.9.5
    Exploit type: XSS
    Reported Date: 2019-April-29
    Fixed Date: 2019-May-07
    CVE Number: CVE-2019-11809
    Description: The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
    Affected Installs: Joomla! CMS versions 1.7.0 through[…]

  • Simple Image Gallery Pro v3.6.6 released

    Blog - JoomlaWorks Apr 17, 2019 | 20:27 pm

    Simple Image Gallery Pro v3.6.6 has just been released. This is a maintenance release. Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.6: Fixed modal URL in frontend editing that affected Joomla 3.x users under certain SEF/path setups. Updated frontend[…]

  • [20190401] - Core - Directory Traversal in com_media

    Security Announcements Apr 9, 2019 | 17:00 pm

    Project: Joomla!
    SubProject: CMS
    Impact: Moderate
    Severity: Low
    Versions: 1.5.0 through 3.9.4
    Exploit type: Directory Traversal
    Reported Date: 2019-March-13
    Fixed Date: 2019-April-08
    CVE Number: CVE-2019-10945
    Description: The Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory.
    Affected Installs: Joomla! CMS versions 1.5.0[…]

  • [20190402] - Core - Helpsites refresh endpoint callable for unauthenticated users

    Security Announcements Apr 9, 2019 | 17:00 pm

    Project: Joomla!
    SubProject: CMS
    Impact: Low
    Severity: High
    Versions: 3.2.0 through 3.9.4
    Exploit type: ACL Violation
    Reported Date: 2019-March-13
    Fixed Date: 2019-April-08
    CVE Number: CVE-2019-10946
    Description: The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
    Affected Installs: Joomla! CMS versions 3.2.0 through 3.9.4
    Solution: Upgrade to version[…]

  • [20190403] - Core - Object.prototype pollution in JQuery $.extend

    Security Announcements Apr 9, 2019 | 17:00 pm

    Project: Joomla!
    SubProject: CMS
    Impact: Low
    Severity: Moderate
    Versions: 3.0.0 through 3.9.4
    Exploit type: XSS
    Reported Date: 2019-March-25
    Fixed Date: 2019-April-09
    CVE Number: CVE-2019-11358
    Description: The $.extend method of JQuery is vulnerable to Object.prototype pollution attacks.
    Affected Installs: Joomla! CMS versions 3.0.0 through 3.9.4
    Solution: Upgrade to version 3.9.5
    Contact: The JSST at the Joomla! Security[…]

  • SocialConnect v1.9.0 released

    Blog - JoomlaWorks Apr 8, 2019 | 18:29 pm

    SocialConnect v1.9.0 has just been released. It mainly improves compatibility with Twitter and LinkedIn API updates (either already in force or soon to be enforced). Here's what's been added or changed in SocialConnect with the release of v1.9.0: Updated for recent Twitter API changes that[…]

  • RadioWave v1.1.0 released

    Blog - JoomlaWorks Apr 3, 2019 | 19:12 pm

    RadioWave v1.1.0 has just been released. This is a bugfix and feature-improvement release. Here's what's been added or changed in RadioWave with the release of v1.1.0: Lots of K2 related fixes/improvements: use the new K2 modal introduced in v2.9.0, remove Google+ sharing[…]

  • [20190303] - Core - XSS in media form field

    Security Announcements Mar 12, 2019 | 16:00 pm

    Project: Joomla!
    SubProject: CMS
    Impact: Low
    Severity: Low
    Versions: 3.0.0 through 3.9.3
    Exploit type: XSS
    Reported Date: 2019-February-25
    Fixed Date: 2019-March-12
    CVE Number: CVE-2019-9714
    Description: The media form field lacks escaping, leading to an XSS vulnerability.
    Affected Installs: Joomla! CMS versions 3.2.0 through 3.9.3
    Solution: Upgrade to version 3.9.4
    Contact: The JSST at the Joomla! Security[…]

  • [20190304] - Core - Missing ACL check in sample data plugins

    Security Announcements Mar 12, 2019 | 16:00 pm

    Project: Joomla!
    SubProject: CMS
    Impact: Moderate
    Severity: High
    Versions: 3.8.0 through 3.9.3
    Exploit type: XSS
    Reported Date: 2019-February-28
    Fixed Date: 2019-March-12
    CVE Number: CVE-2019-9713
    Description: The sample data plugins lack ACL checks, allowing unauthorized access.
    Affected Installs: Joomla! CMS versions 3.8.0 through 3.9.3
    Solution: Upgrade to version 3.9.4
    Contact: The JSST at the Joomla! Security Centre.
    Reported[…]

  • Simple Image Gallery Pro v3.6.5 released

    Blog - JoomlaWorks Feb 25, 2019 | 13:39 pm

    Simple Image Gallery Pro v3.6.5 has just been released. This is a feature-improvement release. Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.5: Added a new "File size limit per uploaded image" option in the component's[…]

  • New milestone for K2 translations & an important message to the translation teams!

    Blog - JoomlaWorks Feb 15, 2019 | 18:38 pm

    Wow! K2 translations have reached a new milestone! There are now 89 active language teams (out of 114 in total) with 849 active translators (out of 964 registered). As we are nearing the launch of K2 v2.10, translation teams have[…]

  • Simple Image Gallery Pro v3.6.4 released

    Blog - JoomlaWorks Feb 8, 2019 | 17:13 pm

    Simple Image Gallery Pro v3.6.4 has just been released. This is both a bugfix and feature-improvement release. Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.4: New galleries added directly via the gallery form will not[…]

  • Simple RSS Feed Reader v3.7.0 released

    Blog - JoomlaWorks Feb 2, 2019 | 18:15 pm

    Today we're releasing v3.7.0 of Simple RSS Feed Reader, one of the most popular feed reader modules in the Joomla community. Here's what's added or changed in Simple RSS Feed Reader with the release of v3.7.0: Better filtering for imported links. Update JoomlaWorks[…]

  • Simple Image Gallery Pro v3.6.3 released

    Blog - JoomlaWorks Jan 9, 2019 | 01:50 am

    Simple Image Gallery Pro v3.6.3 has just been released. This is a bugfix release addressing a JS issue when using Simple Image Gallery Pro in K2 frontend editing. Here's what's been added or changed in Simple Image Gallery Pro with the release[…]

  • Simple Image Gallery Pro v3.6.2 released

    Blog - JoomlaWorks Dec 21, 2018 | 18:57 pm

    Simple Image Gallery Pro v3.6.2 has just been released. This new version primarily resolves a regular expression based bug that was introduced in v3.6.1. Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.2: Fixed regular expression[…]

  • Simple Image Gallery Pro v3.6.1 released

    Blog - JoomlaWorks Dec 14, 2018 | 17:54 pm

    Just a day after we released Simple Image Gallery Pro v3.6.0, we're issuing a bugfix update (v3.6.1). Well, this is what happens when you release on the 13th :) Here's what's been added or changed in Simple Image Gallery Pro with the[…]

  • K2 v2.9.0 released

    blog Sep 21, 2018 | 18:14 pm

    K2 v2.9.0 is now available to download for Joomla 1.5 to 3.x. In short, this release improves compatibility with the latest releases of Joomla 3.8.x & improves frontend performance overall. To install K2 for the first time or update your existing[…]

  • Rapicode, Multiple Extensions, Back Door

    Live VEL Mar 30, 2018 | 20:30 pm

    Rapicode, multiple extensions, current versions, back door. Extensions affected are: Rapi Content Ticker, Rapi Content Carousel, Rapi Cookie Consent, Rapi Countdown, Rapi Preloader, Rapi Loading Progress Bar, Rapi Page Animate. At the moment the back door seems to be loading mining code, it can be used to load arbitrary[…]

  • Google Map Landkarten,4.2.3,SQL Injection

    Live VEL Mar 15, 2018 | 23:48 pm

    Google Map Landkarten from joomla-24.de, versions 4.2.3 and previous, SQL Injection

  • Fastball, SQL Injection

    Live VEL Mar 8, 2018 | 18:25 pm

    Fastball by Fastball Productions, versions yet to be determined but probably all, SQL Injection

  • File Download Tracker,3.0,SQL Injection

    Live VEL Mar 8, 2018 | 06:41 am

    File Download Tracker by techsolsystem.com, 3.0, SQL Injection

  • Simple Calendar,3.1.9,SQL Injection

    Live VEL Mar 7, 2018 | 18:26 pm

    Simple Calendar by Fabrizio Albonico, versions 3.1.9 and previous, SQL Injection

  • SquadManagement,1.0.3,SQL Injection

    Live VEL Mar 7, 2018 | 18:04 pm

    SquadManagement by Lars Hildebrandt, versions 1.0.3 and previous, SQL Injection

  • JMS Music,1.1.1,SQL Injection

    Live VEL Mar 5, 2018 | 17:08 pm

    JMS Music by Joomasters, versions 1.1.1 and previous, SQL Injection

  • JS Autoz,1.0.9,SQL Injection

    Live VEL Mar 3, 2018 | 20:14 pm

    JS Autoz by Joomsky.com, 1.0.9 and previous, SQL Injection

  • Realpin,1.5.04,SQL Injection

    Live VEL Mar 1, 2018 | 19:07 pm

    Realpin by Marcel Törpe, versions 1.5.04 and previous, SQL Injection

  • Joomla! Pinterest Clone Social Pinboard,2.0,SQL Injection

    Live VEL Feb 28, 2018 | 19:37 pm

    Joomla! Pinterest Clone Social Pinboard from apptha.com, 2.0, multiple SQL Injection vulnerabilities

  • K2 v2.8.0 released

    blog Aug 18, 2017 | 14:59 pm

    K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…]

  • K2 v2.7.1 released

    blog Aug 4, 2016 | 03:12 am

    K2 v2.7.1 is now available to download for Joomla 1.5 to 3.x. This is a minor release addressing various issues from performance to UI, to bug fixes and security. To install K2 for the first time or update your existing K2[…]

  • K2 Plugin for sh404SEF

    Updated Extensions - JoomlaWorks Mar 29, 2016 | 15:34 pm

    A plugin for supporting K2 in sh404SEF. Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options. Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…]

  • K2 v2.7.0 released

    blog Mar 18, 2016 | 06:26 am

    Start your update engines! K2 v2.7.0 is now available to download for Joomla 1.5 to 3.x. With a new improved user interface for the component in the Joomla backend, updated and now responsive-friendly default HTML overrides, Joomla 3.5 support, PHP[…]

  • K2 v3 to be presented in JoomlaDay Brasil 2015

    blog Aug 31, 2015 | 18:14 pm

    (originally posted in the JoomlaWorks blog) It's been a while, I know. You see, Joomla is not the only organization undergoing changes. So are we :) Part of this change is the introduction of new awesome products for Joomla including new templates,[…]

  • Video course on K2 for Joomla 3

    blog Mar 10, 2015 | 18:59 pm

    Hi everyone. I'm Antonio Mercurio from Italy. I'm passionate about open source software such as Joomla, Drupal, WordPress and many others. I made a video course on K2 for Joomla 3 in Italian on the Udemy platform. The video course is[…]

  • Video course on the K2 component version 2.6.9 for Joomla 3

    blog Mar 10, 2015 | 18:50 pm

    Hi everyone. I'm Antonio Mercurio from Italy. As a hobby I create guides in e-book format, available on Amazon and the Google Play Store, and video guides on YouTube. I wanted to let the K2 community know that I have made a video course[…]

  • K2 v2.6.9 released

    blog Dec 8, 2014 | 22:36 pm

    K2 version 2.6.9 is now available to download. This is a quick maintenance release which addresses the item time problem introduced from changes in the Joomla API in the latest Joomla 3.3.x releases. The creation/modified time in K2 items would[…]

  • Update of the K2 Import / Export tool

    blog Sep 14, 2014 | 21:39 pm

    The tool to export data from K2 to a CSV file and to import data from a CSV file to K2 just got updated. 2.1 for Joomla 3.x changes: small bugfixes; better date checks; import/export Hints + Item Parameters. 1.3 for Joomla[…]

  • First beta of K2 version 3 is here

    blog Jul 22, 2014 | 00:51 am

    Wow! What a ride! The first public beta release of K2 version 3 is finally here! It's been more than a year's work so far designing the application and actually building it, and now we're just a few months away from the[…]

  • SocialConnect

    Updated Extensions - JoomlaWorks Jan 23, 2013 | 15:06 pm

    SocialConnect allows your visitors to easily connect to your Joomla site using their favorite social network. But it's not just that - it brings a whole new meaning to the word "community" for Joomla and it's a perfect companion to[…]

  • K2

    Updated Extensions - JoomlaWorks Nov 5, 2012 | 23:00 pm

    K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…]

  • Disqus Comments (for Joomla)

    Updated Extensions - JoomlaWorks Jul 25, 2012 | 23:00 pm

    Disqus Comments (for Joomla) integrates the Disqus comments system & service into any Joomla based website. Disqus (pronounced 'discuss') is a service and tool for web comments and discussions - currently the most popular comments-as-a-service provider worldwide. It makes commenting[…]

  • AllVideos

    Updated Extensions - JoomlaWorks Jul 11, 2012 | 23:00 pm

    AllVideos (by JoomlaWorks) is truly THE all-in-one media management solution for Joomla. You can use the plugin to easily embed videos hosted on popular services like YouTube, Metacafe, Vimeo (and many more) inside your Joomla articles (content items). Additionally, it[…]

  • Simple Image Gallery

    Updated Extensions - JoomlaWorks Jul 11, 2012 | 23:00 pm

    Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…]

  • Frontpage SlideShow

    Updated Extensions - JoomlaWorks Jul 11, 2012 | 23:00 pm

    NEW VERSION 3.12 released in Oct 2018! Now fully responsive & Joomla 1.5 - 3.x compatible! Frontpage SlideShow is the easiest & most eye-catching way to display your featured articles or products in your Joomla website. It creates an uber[…]

  • Simple RSS Feed Reader

    Updated Extensions - JoomlaWorks Jul 11, 2012 | 23:00 pm

    Adding RSS/Atom syndicated content inside your Joomla website is now super-easy and simple with the 'Simple RSS Feed Reader' module from JoomlaWorks. All you have to do is add a few feeds to the module parameters, publish the module in[…]

  • Simple Image Gallery Pro

    Updated Extensions - JoomlaWorks Jul 11, 2012 | 23:00 pm

    NEW VERSION 3.6.6 released in April 2019! Adding image galleries inside your Joomla articles has never been easier! Using the "Simple Image Gallery PRO" extension from JoomlaWorks you can quickly display a folder of images on your server as a stylish[…]
