PHPDeveloper.org: Secunia.com: Joomla! Multiple Vulnerabilities

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Vermont Information Processing Seeks Senior/Lead PHP Developer (Burlington, VT)

Job Posting: Mediware Blood Center Technologies Seeks PHP Software Developer (Jacksonville, FL)

PHP Zone: Can Learning Drupal Get You a Job?

Job Posting: Tilllate Media Seeks Senior PHP Developer (Glasgow, UK)

Job Posting: Agency Matrix Seeks Senior Application Developer (Addison, TX)

Job Posting: HUGE Seeks Freelance Zend/WordPress Developer (Brooklyn, NY)

Job Posting: Abbott Laboratories Seeks PHP Developer (Irving, TX)

Job Posting: BetFair Seeks Lead Software Engineer (Web)

Job Posting: Uplifting Innovations Seeks Lead PHP Developer (Portland, OR)

Job Posting: Ganz Seeks PHP Developer (Toronto, Ontario)

News Archive

Matthew Weier O'Phinney's Blog: Module Bootstraps in Zend Framework: Do's and Don'ts

Pablo Viquez's Blog: Zend Framework Documentation

Johannes Schluter's Blog: Future of PHP 6

Ian Christian's Blog: Handling Uploaded file in symfony's admin generator

Jani Hartikainen's Blog: Should a failed function return a value or throw an exception?

Brian Swan's Blog: MSSQL vs. SQLSRV: What's the Difference? (Part 2)

Phil Sturgeon's Blog: CodeIgniter 2.0: Everything you need to know

Site News: Popular Posts for the Week of 03.12.2010

php|architect: Programming: you're doing it wrong

Brian Moon's Blog: PHP command line progress bar

Secunia.com:
Joomla! Multiple Vulnerabilities

by Chris Cornutt July 30, 2007 @ 10:26:00

Secunia.com reports that multiple vulnerabilities have been found in the Joomla! content management system:

Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to conduct session fixation attacks, cross-site scripting attacks or HTTP response splitting attacks.

The issues are marked as "less critical" but users should still update to the latest version to avoid these issues:

Certain unspecified input passed in com_search, com_content and mod_login is not properly sanitised before being returned to a user
Input passed to the "url" parameter is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers.
An error exists in the handling of sessions and can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link.

See the original advisory post here.

0 comments voice your opinion now!
joomla content management cms vulnerability secunia joomla content management cms vulnerability secunia

Similar Posts

Community News: DreamStats "rootpath" File Inclusion Vulnerability Identified

Sitecritic.net: Simple Content Management in PHP Without Database Access

NewsForge: New kid on the blog: A look at Serendipity 1.0

Aaron Wormus' Blog: PHP CMS Historical Notes

Hardened-PHP Project: phpMyAdmin - error.php XSS Vulnerability

Community Events

Don't see your event here?
Let us know!

All content copyright, 2010 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework