Májusi Joomla biztonsági hibák
2010, május 31, hétfő | Szerző:

Ez úton közöljük az összegyűjtött májusi Joomla biztonsági hibákat, a már megszokott méretekkel rendelkezik:

2010.05.28.-2010.05.31.

  • Joomla Medi-QnA Component “controller” File Inclusion Vulnerability
  • Joomla “search” Cross-Site Scripting Vulnerability Input passed to the “search” parameter in administrator/index.php (when “option” is set to “com_users”, “com_trash”, “com_content”, “com_sections”, “com_categories”, “com_frontpage”, “com_messages”, “com_banners”, “com_contact”, “com_menus” when “task” is set to “view”, “com_newsfeeds”, “com_poll”, “com_weblinks”, “com_modules”, or “com_plugins”) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
  • Joomla BF Quiz Component “catid” SQL Injection Vulnerability
  • Joomla My Car Component Two Vulnerabilities
  • Joomla com_quran SQL Injection vulnerability
  • Joomla Component com_g2bridge LFI vulnerability

2010.05.19.-2010.05.27.

  • Joomla Percha Multicategory Article Component “controller” File Inclusion
  • Joomla com_qpersonel SQL Injection Remote Exploit

2010.05.13.-2010.05.18.

  • Joomla Component FDione Form Wizard lfi vulnerability
  • Joomla Component Seber Cart (getPic.php) Local File Disclosure Vulnerability
  • Joomla Component advertising (com_aardvertiser) V2.0 Local File Inclusion Vulnerability
  • Joomla Component com_konsultasi (sid) SQL Injection Vulnerability
  • Joomla Component com_jequoteform – Local File Inclusion
  • Joomla Component JE Job Local File Inclusion Vulnerability
  • Joomla Component com_camp SQL Injection Vulnerability
  • Joomla Component MS Comment LFI Vulnerability
  • Joomla Component simpledownload LFI Vulnerability
  • Joomla Tárhely Component com_event another sql injection Vulnerability
  • Joomla Component com_event Multiple Vulnerabilities
  • Joomla Component com_crowdsource SQL Injection
  • Joomla Component com_packages SQL Injection Vulnerability
  • Joomla 3D Users Cloud Module “tagcloud” Cross-Site Scripting Vulnerability
  • Joomla JE Job Component Two Vulnerabilities
  • Joomla JE Ajax Event Calendar Component “view” File Inclusion Vulnerability
  • Joomla JE Quotation Form Component “view” File Inclusion Vulnerability

2010.05.07.-2010.05.12.

  • Joomla Module Camp26 Visitor Data 1.1 Remote code Execution
  • Joomla Custom PHP Pages Component com_php LFI Vulnerability
  • Joomla Camp26 VisitorData Module Shell Command Injection Vulnerability