Following issues found in Joomla. Please upgrade your Joomla site to Version 3.7.0 as soon as possible.
[20170408] - Core - Information Disclosure
Posted: 25 Apr 2017 08:30 AM PDT
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.4.0 through 3.6.5
- Exploit type: Information Disclosure
- Reported Date: 2016-Feb-06
- Fixed Date: 2017-April-25
- CVE Number: CVE-2017-8057
Description
Multiple files caused full path disclosures on systems with enabled error reporting.
Affected Installs
Joomla! CMS versions 3.4.0 through 3.6.5
Solution
Upgrade to version 3.7.0
Contact
The JSST at the Joomla! Security Centre.
|
[20170407] - Core - ACL Violations Posted: 25 Apr 2017 08:30 AM PDT
DescriptionInadequate mime type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. Affected InstallsJoomla! CMS versions 3.2.0 through 3.6.5 SolutionUpgrade to version 3.7.0 ContactThe JSST at the Joomla! Security Centre. Reported By: Abdullah Hussam
 |
|
[20170406] - Core - ACL Violations Posted: 25 Apr 2017 08:30 AM PDT
DescriptionInadequate filtering of form contents lead allow to overwrite the author of an article. Affected InstallsJoomla! CMS versions 1.6.0 through 3.6.5 SolutionUpgrade to version 3.7.0 ContactThe JSST at the Joomla! Security Centre. Reported By: T-Systems Multimedia Solutions
 |
|
[20170405] - Core - XSS Vulnerability Posted: 25 Apr 2017 08:30 AM PDT
DescriptionInadequate escaping of file and folder names leads to XSS vulnerabilites in the template manager component. Affected InstallsJoomla! CMS versions 3.2.0 through 3.6.5 SolutionUpgrade to version 3.7.0 ContactThe JSST at the Joomla! Security Centre. Reported By: David Jardin
 |
|
[20170404] - Core - XSS Vulnerability Posted: 25 Apr 2017 08:30 AM PDT
DescriptionInadequate filtering of specific HTML attributes leads to XSS vulnerabilites in various components. Affected InstallsJoomla! CMS versions 1.5.0 through 3.6.5 SolutionUpgrade to version 3.7.0 ContactThe JSST at the Joomla! Security Centre. Reported By: Fortinet's FortiGuard Labs
 |
|
[20170403] - Core - XSS Vulnerability Posted: 25 Apr 2017 08:30 AM PDT
DescriptionInadequate filtering of multibyte characters leads to XSS vulnerabilites in various components. Affected InstallsJoomla! CMS versions 1.5.0 through 3.6.5 SolutionUpgrade to version 3.7.0 ContactThe JSST at the Joomla! Security Centre. Reported By: Fortinet's FortiGuard Labs
 |
|
[20170402] - Core - XSS Vulnerability Posted: 25 Apr 2017 08:30 AM PDT
DescriptionInadequate filtering leads to XSS in the template manager component. Affected InstallsJoomla! CMS versions 3.2.0 through 3.6.5 SolutionUpgrade to version 3.7.0 ContactThe JSST at the Joomla! Security Centre. Reported By: Chen Ruiqi
 |
|
[20170401] - Core - Information Disclosure Posted: 25 Apr 2017 08:30 AM PDT
DescriptionMail sent using the JMail API leaked the used PHPMailer version in the mail headers. Affected InstallsJoomla! CMS versions 1.5.0 through 3.6.5 SolutionUpgrade to version 3.7.0 ContactThe JSST at the Joomla! Security Centre. Reported By: Conor McKnight
|
