Total: 44 results found.
Search Keyword: vulnerability
Page 1 of 3
1.
(Code/Joomla!)
Joomla! versions before 3.5.0, including the 2.5.x series (likely all the way back to 1.6.0, no regression testing done) are vulnerable to reflective XSS: Joomla! 3.5.0 Reflective XSS ============================ http://[joomla ...
2.
(Comments/All)
... don't think about the consequences. Alan says 'don't shoot the messenger', well, I don't shoot the first messenger, but I do shoot the second one. Alan says "the vulnerability is Joomla's responsibility, ...
3.
(Comments/All)
Obviously Tijn has never heard the phrase "don't shoot the messenger". Let's be clear about this, the vulnerability is Joomla's responsibility, not Jeff's. As a member of the project, and the security ...
4.
(Code/Joomla!)
Joomla! 1.6.x/1.7.x/2.5.0-2.5.2 suffers from a privilege escalation vulnerability that allows users to be registered into any group not having 'core.admin' privileges. In order to be exploited, an ...
5.
(Code/Joomla!)
... lead to exploitation. Versions 1.5 through 1.7.1 are affected. Sites running unpatched versions of PHP already vulnerable to the "SplObjectStorage Deserialization Use-After-Free Vulnerability" ...
6.
(Code/Joomla!)
Back in February, I reported an issue with TinyMCE to the Joomla! Security Strike Team. Since then, they "fixed" it in 1.6.1, but failed to do so for 1.5.23. Joomla! 1.5.x ships with a script that is supposed ...
7.
(Code/Joomla!)
Now that 1.6.1 is officially released, I figured I'd go ahead and publish a few of the "sensitive" bugs I found in 1.6.0. So without further ado... Persistent XSS http://developer.joomla.org/security/news/331-20110204-core-xss-vulnerabilities Log ...
8.
(Code/Joomla!)
... Strike Team (JSST) <security@joomla.org> To: me@jeffchannell.com Thank you for your email regarding a new vulnerability. We will investigate this as quickly as we can to verify and confirm ...
9.
(Code/Joomla!)
Moset's Tree <= 2.1.6 for Joomla! does not use anti-CSRF tokens in its admin forms. Successful exploitation of this exploit requires the admin to be logged in & visit a malicious URL. <?php /**  ...
10.
(Code/Joomla!)
SOBI2's admin panel doesn't explicitly check for _POST requests, nor does it have a nonce. http://[victim]/administrator/index.php?stpl=default&returnTask=editTemplate&task=saveConfig&option=com_sobi2&editing=config&templateContent=[URL-Encoded ...
11.
(Code/Joomla!)
There is a file upload vulnerability in version 1.8.8 and earlier of JomSocial, the popular community extension for Joomla!. Successful exploitation of this exploit requires the site to be configured ...
12.
(Comments/All)
This has been addressed in the coming v2.4. Additionally, the above vulnerability is only possible if you allow comment editing permissions to members in your site, usually "trusted" people.  ...
13.
(Code/Joomla!)
Mosets Tree suffers from a shell upload vulnerability caused by improperly checking the filetype of uploaded images. Tools used: Firefox web browser Firebug extension GIMP image editor Steps ...
14.
(Code/Joomla!)
K2 v2.3, the popular Joomla! CCK extension, suffers from persistent XSS vulnerabilities in its comment facility. Comment "Name" Field Persistent XSS " style="position:absolute;top:0px;left:0px;width:99em;height:99em" ...
15.
(Code/Joomla!)
JComments 2.2.0.0 suffers from a persistent XSS vulnerability in the way it handles certain BBCodes. If [url] and [img] tags are available, the following malformed BBCode will result in code execution: ...
16.
(Code/Joomla!)
Since the CompojoomComment Hacking Contest is now over, and I was the only winner, I figured I'd go ahead and share my winning entries. These vulnerabilities are present in CompojoomComment 4.1.5, and ...
17.
(Code/Joomla!)
Compojoom, developers of CompojoomComment, opened up a contest to hack their comment component. After being alerted to the contest by my good friend Lafrance, I took a peek and had a working XSS exploit ...
18.
(Code/Joomla!)
The Joomla component Lyften Bloggie was recently exposed to suffer from an SQL Injection vulnerability. Since I had a current client that was running this software, with no fix in sight, I decided to take ...
19.
(Code/Joomla!)
The Joomla component Ninjaboard 0.5.0beta suffers from multiple persistent XSS vulnerabilities in its BBCode implementation, as well as a minor CSRF vulnerability and a minor Path Disclosure vulnerability. ...
20.
(Code/Joomla!)
webee 1.1.1, a Joomla commenting plugin, suffers from multiple vulnerabilities. SQL Injection The 'articleId' is not sanitized. index2.php?option=com_webeecomment&task=default&articleId=999 union ...

The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.
