A vulnerability was found in Huge-IT Joomla Slider Extension 1.0.9 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to SQL injection.
This vulnerability is handled as CVE-2016-1000122. The attack may be launched remotely. There is no exploit available....
1286.87 points: Background. These are the comprehensive statistical data for the infection of the ELF DDoS malware whose source code we snagged and reported in a previous MalwareMustDie blog post [link: MMD-0044-2015]. Some of the code is just slightly obfuscated or sillily encrypted but is crackable, and you can figure it out easily using the codes
1182.34 points: Extracting a specifically crafted tar package could write files outside of the intended path. [CVE-2022-23793]
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
Joo
1182.34 points: Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not [CVE-2022-23798].
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
1073.55 points: Various CMS functions did not properly terminate existing user sessions when a user's password was changed or the user was blocked.
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
1073.55 points: The install action in com_installer lacked the required hardcoded ACL checks for superusers, leading to various potential attack vectors. A default system wasn't affected, because by default com_installer is limited to super users already.
This vulnerabi
1073.55 points: Inadequate escaping in the Rules field of the JForm API led to an XSS vulnerability.
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
1066.79 points: A missing token check caused a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
Joo
1061.58 points: Inadequate filters on module layout settings could lead to an LFI (Local File Inclusion).
CVE Number: CVE-2021-26031
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
1054.06 points: Inadequate filtering of form contents could allow overwriting the author field. The affected core components were com_fields, com_categories, com_banners, com_contact, com_newsfeeds and com_tags.
CVE-2021-26029
This vulnerability affects the follo
1054.06 points: Incorrect ACL checks could allow unauthorized change of the category for an article.
CVE-2021-26027
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
1054.06 points: com_media allowed paths that were not intended for image uploads.
CVE-2021-23132
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.
Team Security discussion of CVE-2016-1000122 | Huge-IT Joomla Slider Extension 1.0.9 SQL injection (ID 11754 / BID-92160)