• Avviso sicurezza: [20171103] - Core - Information Disclosure
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 3.7.0 through 3.8.1
    • Exploit type: Information Disclosure
    • Reported Date: 2017-May-17
    • Fixed Date: 2017-November-07
    • CVE Number: CVE-2017-16633

    Description

    A logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.

    Affected Installs

    Joomla! CMS versions 3.7.0 through 3.8.1

    Solution

    Upgrade to version 3.8.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Internal JSST audit

  • Avviso sicurezza: [20171102] - Core - 2-factor-authentication bypass
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Medium
    • Versions: 3.2.0 through 3.8.1
    • Exploit type: 
    • Reported Date: 2017-October-31
    • Fixed Date: 2017-November-07
    • CVE Number: CVE-2017-16634

    Description

    A bug allowed third parties to bypass a user's 2-factor-authentication method.

    Affected Installs

    Joomla! CMS versions 3.2.0 through 3.8.1

    Solution

    Upgrade to version 3.8.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Yarince

  • Avviso sicurezza: [20171101] - Core - LDAP Information Disclosure
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Medium
    • Versions: 1.5.0 through 3.8.1
    • Exploit type: Information Disclosure
    • Reported Date: 2017-October-06
    • Fixed Date: 2017-November-07
    • CVE Number: CVE-2017-14596

    Description

    Inadequate escaping in the LDAP authentication plugin can result in disclosure of username and password.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.8.1

    Solution

    Upgrade to version 3.8.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Dr. Johannes Dahse, RIPS Technologies GmbH

  • Avviso sicurezza: [20170901] - Core - Information Disclosure
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 3.7.0 through 3.7.5
    • Exploit type: Information Disclosure
    • Reported Date: 2017-August-4
    • Fixed Date: 2017-September-19
    • CVE Number: CVE-2017-14595

    Description

    A logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.

    Affected Installs

    Joomla! CMS versions 3.7.0 through 3.7.5

    Solution

    Upgrade to version 3.8.0

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Michal Prochaczek

  • Avviso sicurezza: [20170902] - Core - LDAP Information Disclosure
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Medium
    • Versions: 1.5.0 through 3.7.5
    • Exploit type: Information Disclosure
    • Reported Date: 2017-July-27
    • Fixed Date: 2017-September-19
    • CVE Number: CVE-2017-14596

    Description

    Inadequate escaping in the LDAP authentication plugin can result into a disclosure of username and password.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.7.5

    Solution

    Upgrade to version 3.8.0

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Dr. Johannes Dahse, RIPS Technologies GmbH

  • Avviso sicurezza: [20170704] - Core - Installer: Lack of Ownership Verification
    • Project: Joomla!
    • SubProject: CMS Installer
    • Severity: High
    • Versions: 1.0.0 through 3.7.3
    • Exploit type: Lack of Ownership Verification
    • Reported Date: 2017-Apr-06
    • Fixed Date: 2017-July-25
    • CVE Number: CVE-2017-11364

    Description

    The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control.

    Please note: Already installed sites are not affected, as this issue is limited to the installer application!

    Affected Installs

    Joomla! CMS versions 1.0.0 through 3.7.3

    Solution

    Upgrade to version 3.7.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hanno Böck

  • Avviso sicurezza: [20170705] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 1.5.0 through 3.7.3
    • Exploit type: XSS
    • Reported Date: 2017-April-26
    • Fixed Date: 2017-July-25
    • CVE Number: CVE-2017-11612

    Description

    Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.7.3

    Solution

    Upgrade to version 3.7.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Beat B, JSST

  • Avviso sicurezza: [20170701] - Core - Information Disclosure
    • Project: Joomla!
    • SubProject: CMS
    • Severity: High
    • Versions: 1.7.3 - 3.7.2
    • Exploit type: Information Disclosure
    • Reported Date: 2016-Feb-05
    • Fixed Date: 2017-July-04
    • CVE Number: CVE-2017-9933

    Description

    Improper cache invalidation leads to disclosure of form contents.

    Affected Installs

    Joomla! CMS versions 1.7.3-3.7.2

    Solution

    Upgrade to version 3.7.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Jeff Channell

  • Avviso sicurezza: [20170702] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: CMS
    • Severity: High
    • Versions: 1.7.3 - 3.7.2
    • Exploit type: XSS
    • Reported Date: 2017-June-04
    • Fixed Date: 2017-July-04
    • CVE Number: CVE-2017-9934

    Description

    Missing CSRF token checks and improper input validation lead to an XSS vulnerability.

    Affected Installs

    Joomla! CMS versions 1.7.3-3.7.2

    Solution

    Upgrade to version 3.7.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Envo

  • Avviso sicurezza: [20170703] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 1.5.0 through 3.7.2
    • Exploit type: XSS
    • Reported Date: 2017-June-22
    • Fixed Date: 2017-July-04
    • CVE Number: CVE-2017-7985

    Description

    Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.6.5

    Solution

    Upgrade to version 3.7.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Fortinet's FortiGuard Labs

Informazioni

Benvenuto nel tuo Pannello Admin.

Da queste pagine puoi facilmente accedere alle varie sezioni di amministrazione del tuo dominio e della tua Posta Elettronica.

Dal top menu scegli se accedere alla sezione PLESK o alla Web Mail e poi clicca sulle immagini per aprire la pagina desiderata.

Puoi anche accedere alla pagina di monitoraggio server, così da visualizzare i grafici sullo stato del server dove si trova residente il tuo dominio, oppure nella pagina di informazioni sulla configurazione PHP del tuo dominio..

Nella pagina "Notizie" troverai una selezione di link ad articoli riguardanti CSM, Internet e Software; nella sezione "Sicurezza" saranno visualizzati link ad articoli sulle vulnerabiltà scoperte nei principali CMS (Joomla, Wordpress, Drupal, PhpBB, ecc.).