• Avviso sicurezza: [20170901] - Core - Information Disclosure
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 3.7.0 through 3.7.5
    • Exploit type: Information Disclosure
    • Reported Date: 2017-August-4
    • Fixed Date: 2017-September-19
    • CVE Number: CVE-2017-14595

    Description

    A logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.

    Affected Installs

    Joomla! CMS versions 3.7.0 through 3.7.5

    Solution

    Upgrade to version 3.8.0

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Michal Prochaczek

  • Avviso sicurezza: [20170902] - Core - LDAP Information Disclosure
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Medium
    • Versions: 1.5.0 through 3.7.5
    • Exploit type: Information Disclosure
    • Reported Date: 2017-July-27
    • Fixed Date: 2017-September-19
    • CVE Number: CVE-2017-14596

    Description

    Inadequate escaping in the LDAP authentication plugin can result into a disclosure of username and password.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.7.5

    Solution

    Upgrade to version 3.8.0

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Dr. Johannes Dahse, RIPS Technologies GmbH

  • Avviso sicurezza: [20170704] - Core - Installer: Lack of Ownership Verification
    • Project: Joomla!
    • SubProject: CMS Installer
    • Severity: High
    • Versions: 1.0.0 through 3.7.3
    • Exploit type: Lack of Ownership Verification
    • Reported Date: 2017-Apr-06
    • Fixed Date: 2017-July-25
    • CVE Number: CVE-2017-11364

    Description

    The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control.

    Please note: Already installed sites are not affected, as this issue is limited to the installer application!

    Affected Installs

    Joomla! CMS versions 1.0.0 through 3.7.3

    Solution

    Upgrade to version 3.7.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hanno Böck

  • Avviso sicurezza: [20170705] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 1.5.0 through 3.7.3
    • Exploit type: XSS
    • Reported Date: 2017-April-26
    • Fixed Date: 2017-July-25
    • CVE Number: CVE-2017-11612

    Description

    Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.7.3

    Solution

    Upgrade to version 3.7.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Beat B, JSST

  • Avviso sicurezza: [20170701] - Core - Information Disclosure
    • Project: Joomla!
    • SubProject: CMS
    • Severity: High
    • Versions: 1.7.3 - 3.7.2
    • Exploit type: Information Disclosure
    • Reported Date: 2016-Feb-05
    • Fixed Date: 2017-July-04
    • CVE Number: CVE-2017-9933

    Description

    Improper cache invalidation leads to disclosure of form contents.

    Affected Installs

    Joomla! CMS versions 1.7.3-3.7.2

    Solution

    Upgrade to version 3.7.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Jeff Channell

  • Avviso sicurezza: [20170702] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: CMS
    • Severity: High
    • Versions: 1.7.3 - 3.7.2
    • Exploit type: XSS
    • Reported Date: 2017-June-04
    • Fixed Date: 2017-July-04
    • CVE Number: CVE-2017-9934

    Description

    Missing CSRF token checks and improper input validation lead to an XSS vulnerability.

    Affected Installs

    Joomla! CMS versions 1.7.3-3.7.2

    Solution

    Upgrade to version 3.7.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Envo

  • Avviso sicurezza: [20170703] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 1.5.0 through 3.7.2
    • Exploit type: XSS
    • Reported Date: 2017-June-22
    • Fixed Date: 2017-July-04
    • CVE Number: CVE-2017-7985

    Description

    Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.6.5

    Solution

    Upgrade to version 3.7.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Fortinet's FortiGuard Labs

  • Avviso sicurezza: [20170501] - Core - SQL Injection
    • Project: Joomla!
    • SubProject: CMS
    • Severity: High
    • Versions: 3.7.0
    • Exploit type: SQL Injection
    • Reported Date: 2017-May-11
    • Fixed Date: 2017-May-17
    • CVE Number: CVE-2017-8917

    Description

    Inadequate filtering of request data leads to a SQL Injection vulnerability.

    Affected Installs

    Joomla! CMS versions 3.7.0

    Solution

    Upgrade to version 3.7.1

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Marc-Alexandre Montpas / sucuri.net

  • Avviso sicurezza: [20170408] - Core - Information Disclosure
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 3.4.0 through 3.6.5
    • Exploit type: Information Disclosure
    • Reported Date: 2016-Feb-06
    • Fixed Date: 2017-April-25
    • CVE Number: CVE-2017-8057

    Description

    Multiple files caused full path disclosures on systems with enabled error reporting.

    Affected Installs

    Joomla! CMS versions 3.4.0 through 3.6.5

    Solution

    Upgrade to version 3.7.0

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Sim of tencent security

  • Avviso sicurezza: [20170407] - Core - ACL Violations
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 3.2.0 through 3.6.5
    • Exploit type: ACL Violation
    • Reported Date: 2017-March-01
    • Fixed Date: 2017-April-25
    • CVE Number: CVE-2017-7989

    Description

    Inadequate mime type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.

    Affected Installs

    Joomla! CMS versions 3.2.0 through 3.6.5

    Solution

    Upgrade to version 3.7.0

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Abdullah Hussam

Informazioni

Benvenuto nel tuo Pannello Admin.

Da queste pagine puoi facilmente accedere alle varie sezioni di amministrazione del tuo dominio e della tua Posta Elettronica.

Dal top menu scegli se accedere alla sezione PLESK o alla Web Mail e poi clicca sulle immagini per aprire la pagina desiderata.

Puoi anche accedere alla pagina di monitoraggio server, così da visualizzare i grafici sullo stato del server dove si trova residente il tuo dominio, oppure nella pagina di informazioni sulla configurazione PHP del tuo dominio..

Nella pagina "Notizie" troverai una selezione di link ad articoli riguardanti CSM, Internet e Software; nella sezione "Sicurezza" saranno visualizzati link ad articoli sulle vulnerabiltà scoperte nei principali CMS (Joomla, Wordpress, Drupal, PhpBB, ecc.).