Knowledge Sharing » Update http://blog.danigunawan.com "Say it... although a word..." Wed, 25 Jan 2012 00:14:12 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Joomla 1.5.13 Security Release http://blog.danigunawan.com/cms-joomla/joomla-1-5-13-security-release/ http://blog.danigunawan.com/cms-joomla/joomla-1-5-13-security-release/#comments Fri, 24 Jul 2009 03:11:05 +0000 Dagu http://blog.danigunawan.com/?p=567
  • New Release of Joomla 1.5.12
  • Improved Performance on the Release of Joomla 2.5
  • Joomla in the Future
    • ]]>     If you are a Joomla user, please upgrade your web immediately. From Joomla Official website: This is a security release and users are strongly encouraged to upgrade immediately.

    Joomla! Developer Vulnerability News

    [20090722] – Core – Missing JEXEC Check

    Posted: 22 Jul 2009 04:36 PM PDT

    • Project: Joomla!
    • SubProject: Framework
    • Severity: Moderate
    • Versions: 1.5.12 and all previous 1.5 releases
    • Exploit type: XSS
    • Reported Date: 2009-July-21
    • Fixed Date: 2009-July-22

    Description

    Some files were missing the check for JEXEC.  These scripts will then expose internal path information of the host.

    Affected Installs

    All 1.5.x installs prior to and including 1.5.12 are affected.

    Solution

    Upgrade to latest Joomla! version (1.5.13 or newer).

    Reported by Juan Galiana Lara (Internet Security Auditors)

    Contact

    The JSST at the Joomla! Security Center.

    [20090722] – Core – File Upload

    Posted: 22 Jul 2009 04:17 PM PDT

    • Project: Joomla!
    • SubProject: TinyMCE editor
    • Severity: Critical
    • Versions: 1.5.12
    • Exploit type: Image File upload
    • Reported Date: 2009-July-22
    • Fixed Date: 2009-July-22

    Description

    Tiny browser included with TinyMCE 3.0 editor allowed files to be uploaded and removed without logging in.

    Affected Installs

    Version 1.5.12 only

    Solution

    Upgrade to latest Joomla! version (1.5.13 or newer).

    Reported by Patrice Lazareff.

    Contact

    The JSST at the Joomla! Security Center.

    Download here

    Click here to download Joomla 1.5.13 (Full package)
    Click here to find an update package

    Related posts:

    1. New Release of Joomla 1.5.12
    2. Improved Performance on the Release of Joomla 2.5
    3. Joomla in the Future

    ]]>     http://blog.danigunawan.com/cms-joomla/joomla-1-5-13-security-release/feed/ 1     New Release of Joomla 1.5.12 http://blog.danigunawan.com/web/new-release-of-joomla-1-5-12/ http://blog.danigunawan.com/web/new-release-of-joomla-1-5-12/#comments Fri, 03 Jul 2009 12:38:36 +0000 Dagu http://blog.danigunawan.com/?p=561
  • Joomla 1.5.13 Security Release
  • Improved Performance on the Release of Joomla 2.5
  • Joomla in the Future
    • ]]>     From the Joomla Security newsletter, I know that there’s a new version of Joomla. But, my email provider sent it to spam folder. I just don’t know why.. huff.. :(

    From the official Joomla website:

    The Joomla Project is pleased to announce the immediate availability of Joomla 1.5.12 [Wojmamni Ama Woi]. This release contains a number of bug fixes and three moderate-level security fixes. It has been less than a month since Joomla 1.5.11 was released on June 3, 2009.

    This release marks an important milestone for the Joomla Project due to the upgrade of the PEAR library to the new BSD licensed version, which brings the codebase into full compliance with the GPL. In addition, this release contains an important upgrade to TinyMCE v 3.2.4.1.

    The Production Working Group’s goal is to continue to provide regular, frequent updates to the Joomla community.

    Download Joomla 1.5.12 (Full package)
    Download Joomla 1.5.11 > 1.5.12 update package
    All 1.5.12 Packages

    Related posts:

    1. Joomla 1.5.13 Security Release
    2. Improved Performance on the Release of Joomla 2.5
    3. Joomla in the Future

    ]]>     http://blog.danigunawan.com/web/new-release-of-joomla-1-5-12/feed/ 0