Secunia Advisory SA53202

Category: Joomla

Description

Multiple vulnerabilities have been reported in Joomla!, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and potentially cause a DoS (Denial of Service).

1) The application does not properly verify authorisation when deleting private messages. This can be exploited to e.g. delete otherwise inaccessible private messages.

2) The application does not properly verify authorisation when viewing permissions. This can be exploited to e.g. disclose otherwise inaccessible permission settings.

3) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

4) Certain unspecified input related to the Flash-based file uploader is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

5) Certain unspecified input related to the Voting plugin is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

6) An unspecified error related to the "unserialize()" function can be exploited to potentially cause a DoS (Denial of Service).

7) Certain unspecified input related to the Highlighter plugin is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 2.5.10 and 3.1.0.

View original post here:
Secunia Advisory SA53202

Joomla 1.5 - Upload An Image To Media Manager - Video - March 11th, 2014 [March 11th, 2014]
Curso Joomla! 3.2 Bootstrap and Blank Template (parte 4) - Video - March 11th, 2014 [March 11th, 2014]
How to Install Joomla 2.5 Manually or Browser Installation - Video - March 11th, 2014 [March 11th, 2014]
Joomla Tutorial: 012 Create Survey's and Polls - Video - March 11th, 2014 [March 11th, 2014]
Joomla Tutrial: 008 Make Web Pages Show up in Joomla - Video - March 11th, 2014 [March 11th, 2014]
Joomla receives patches for zero-day SQL injection vulnerability, other flaws - March 11th, 2014 [March 11th, 2014]
Joomla receives patches for zero-day SQL injection vulnerability - March 11th, 2014 [March 11th, 2014]
9.- Webmastertool y extensiones joomla - Video - March 10th, 2014 [March 10th, 2014]
Responsive Music Player With Playlist Joomla Module - Video - March 10th, 2014 [March 10th, 2014]
js jobs joomla 3.0 - Video - March 10th, 2014 [March 10th, 2014]
Joomla Virtuemart new 2 version Stock Products category Placing How To place products Virtuemart - Video - March 10th, 2014 [March 10th, 2014]
How To Upload Shell in Joomla! Site - Video - March 10th, 2014 [March 10th, 2014]
Best Parallax Joomla Template 2014 - Video - March 10th, 2014 [March 10th, 2014]
Video tutorial how to increase search charaters in joomla 2 5 - Video - March 10th, 2014 [March 10th, 2014]
T-Download Store Overview - Video - March 10th, 2014 [March 10th, 2014]
Demo of Joomla Platform mobilefriendly app 405 - Video - March 9th, 2014 [March 9th, 2014]
Pastor 2 - Video - March 9th, 2014 [March 9th, 2014]
Joomla Marketing - Video - March 9th, 2014 [March 9th, 2014]
Joomla 3.x. How to manage Komento component integrations - Video - March 8th, 2014 [March 8th, 2014]
1.- Introduccin curso joomla 3x - Video - March 8th, 2014 [March 8th, 2014]
Curso de Joomla! 3.2 - Template Blank e Bootstrap (parte 1) - Video - March 8th, 2014 [March 8th, 2014]
T3 Framework - Admin area overview - General settings - Video - March 8th, 2014 [March 8th, 2014]
Curso de Joomla! 3.2 - Bootstrap e Blank Template (parte 3) - Video - March 8th, 2014 [March 8th, 2014]
Joomla! Resource Directory Unveiled at JoomlaDay Boston 2014 - March 8th, 2014 [March 8th, 2014]
Stock Photo OG-RAC-2012: Joomla - Video - March 6th, 2014 [March 6th, 2014]
Template Joomla! - Vida Yootheme Slideshow, Menu e Sidebar - Video - March 6th, 2014 [March 6th, 2014]
Curso de Joomla! 3.2 - vdeo-tutorial Blank Template (parte3) - Video - March 6th, 2014 [March 6th, 2014]
Curso de Joomla! 3.2 - vdeo-tutorial Blank Template (parte 5) - Video - March 6th, 2014 [March 6th, 2014]
Curso de Joomla! 3.2 - vdeo-tutorial Blank Template (parte 6) - Video - March 6th, 2014 [March 6th, 2014]
Curso de Joomla! 3.2 - Vdeo-tutorial Template Blank (parte 7) - Video - March 6th, 2014 [March 6th, 2014]
Sql Joomla By Root Devil - Video - March 6th, 2014 [March 6th, 2014]
How to Recover your Username and Password in Joomla 3 - Video - March 6th, 2014 [March 6th, 2014]
Preview Fashion Design School Joomla Template TMT - Video - March 6th, 2014 [March 6th, 2014]
How To Blog With Joomla - March 5 Joomla Detroit Meetup - Video - March 6th, 2014 [March 6th, 2014]
Joomla extension tutorial - JA Extension Manager Component - Video - March 5th, 2014 [March 5th, 2014]
The Best Free Responsive Joomla template ever - Purity III - Video - March 5th, 2014 [March 5th, 2014]
Not a drop in the bucket: More than 1 million websites now use Drupal - March 5th, 2014 [March 5th, 2014]
Joomla 2.5 - Configuracin global - Video - March 4th, 2014 [March 4th, 2014]
Setting External Links in Joomla 3 using JCE - Video - March 4th, 2014 [March 4th, 2014]
joomla 3.2 video tutorials for beginners, joomla 3.2 video tutorials step by step, - Video - March 4th, 2014 [March 4th, 2014]
The New CMS - March 4th, 2014 [March 4th, 2014]
Joomla! 3.2 - Publicando site no servidor com Akeeba Backup - Video - March 3rd, 2014 [March 3rd, 2014]
Best Hosting Video | How to add RSS Newsfeeds in Joomla 2.5 - Video - March 3rd, 2014 [March 3rd, 2014]
Joomla! 3.2 publicao do site com akeeba (parte 3) - Video - March 3rd, 2014 [March 3rd, 2014]
Joomla! 3.2 publicando site com akeeba (parte2) - Video - March 3rd, 2014 [March 3rd, 2014]
[SEMINARIO] Come creare un sito Joomla! in pochi passi - Video - March 3rd, 2014 [March 3rd, 2014]
Joomla extension tutorials - JA Multilingual Component - Video - March 3rd, 2014 [March 3rd, 2014]
Exploit Joomla site by JCE Editor using PHP Script and google dork - Video - March 3rd, 2014 [March 3rd, 2014]
Joomla! 3.2 vde-tutorial Blank Template (parte2) - Video - March 3rd, 2014 [March 3rd, 2014]
Preview Magnificent Beer Pub Joomla Template TMT - Video - March 2nd, 2014 [March 2nd, 2014]
Best Hosting Video | How to create a database backup of Joomla 2.5 using phpMyAdmin - Video - March 2nd, 2014 [March 2nd, 2014]
joomla installation step by step - Video - March 2nd, 2014 [March 2nd, 2014]
Preview University Responsive Joomla Template TMT - Video - March 2nd, 2014 [March 2nd, 2014]
how to install joomla 3-2-2 on localhost windows 7 easy 8 min - Video - February 28th, 2014 [February 28th, 2014]
Joomla! User Group Toronto Steering Committee Meeting 2014/02/26 - Video - February 28th, 2014 [February 28th, 2014]
Security Patch Joomla 1.5 - Video - February 28th, 2014 [February 28th, 2014]
NetHosting Adds Unprecedented Web Maintenance Service to Product Lineup - February 28th, 2014 [February 28th, 2014]
63 Agency - A Pro Joomla 2.5 / 3.0 Responsive Template - Video - February 27th, 2014 [February 27th, 2014]
joomla tutorial, joomla tutorials video, Joomla 3.2 Video Tutorials - Video - February 27th, 2014 [February 27th, 2014]
Joomla Destination Container - Video - February 27th, 2014 [February 27th, 2014]
Joomla! Framework Licensing Debate & Explaination - Video - February 27th, 2014 [February 27th, 2014]
Preview White Apparel Joomla Template by Jade TMT - Video - February 27th, 2014 [February 27th, 2014]
Best Hosting Video | How to create Featured (Front page) Articles in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
Best Hosting Video | How to block or delete a Super Administrator in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
Best Hosting Video | How to use Private Messaging in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
Best Hosting Video | How to manage Weblinks in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
Best Hosting Video | How to manage Languages in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
Best Hosting Video | How to create a Login module in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
ACL no Joomla! 3.2 - Video - February 25th, 2014 [February 25th, 2014]
Joomla! 3.2 Autenticao com TwoFactor - Video - February 25th, 2014 [February 25th, 2014]
JOOMLA 2.5 TUTORIAL LESSON 1 - Video - February 25th, 2014 [February 25th, 2014]
Buzzflash.com Launches a New Joomla Portal for Truthout News Organization - February 25th, 2014 [February 25th, 2014]
How to set user permissions in J!Extranet 5.0 and Joomla 2.5 - Video - February 25th, 2014 [February 25th, 2014]
View different folder permissions in J!Extranet 5.0 and Joomla 2.5 - Video - February 25th, 2014 [February 25th, 2014]
View user logs in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]
How to upload files, delete files, create folders in J!Extranet 5.0 Extended version and Joomla 2.5 - Video - February 25th, 2014 [February 25th, 2014]
How to use My Vault in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]
How to remove front-end menu items in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]
How to set user permissions in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]
How to move folders in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]

April 25th, 2013

No comments yet

Comments are closed.

Mediaboss Marketing

Secunia Advisory SA53202

About

Pages

Categories

Media Sites

Recommended Sites

Archives