Joomla Framework
[20090723] - Core - com_mailto Timeout Issue
Tuesday, 01 December 2009 04:30
  • Project: Joomla!
  • SubProject: com_mailto
  • Severity: Low
  • Versions: 1.5.13 and all previous 1.5 releases
  • Exploit type: Email
  • Reported Date: 2009-July-28
  • Fixed Date: 2009-July-30

Description

In com_mailto, it was possible to bypass timeout protection against sending automated emails.

Affected Installs

All 1.5.x installs prior to and including 1.5.13 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.14 or newer).

Reported by WHK and Gergő Erdősi

Contact

The JSST at the Joomla! Security Center.

 
[20090722] - Core - File Upload
Tuesday, 01 December 2009 04:30
  • Project: Joomla!
  • SubProject: TinyMCE editor
  • Severity: Critical
  • Versions: 1.5.12
  • Exploit type: Image File upload
  • Reported Date: 2009-July-22
  • Fixed Date: 2009-July-22

Description

The Tiny browser included with the TinyMCE 3.0 editor allowed files to be uploaded and removed without logging in.

Affected Installs

Version 1.5.12 only

Solution

Upgrade to the latest Joomla! version (1.5.13 or newer).

Reported by Patrice Lazareff.

Contact

The JSST at the Joomla! Security Center.

 
[20090606] - Core - Missing JEXEC Check
Tuesday, 01 December 2009 04:30
  • Project: Joomla!
  • SubProject: Admin client
  • Severity: Moderate
  • Versions: 1.5.11 and all previous 1.5 releases
  • Exploit type: XSS
  • Reported Date: 2009-June-22
  • Fixed Date: 2009-June-30

Description

Some files were missing the JEXEC check. When accessed directly, these scripts expose internal path information about the host.

Affected Installs

All 1.5.x installs prior to and including 1.5.11 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.12 or newer).

Contact

The JSST at the Joomla! Security Center.

 
[20090605] - Core - Frontend XSS - PHP_SELF not properly filtered
Tuesday, 01 December 2009 04:30
  • Project: Joomla!
  • SubProject: Site client
  • Severity: Moderate
  • Versions: 1.5.11 and all previous 1.5 releases
  • Exploit type: XSS
  • Reported Date: 2009-June-03
  • Fixed Date: 2009-June-30

Description

An attacker can inject JavaScript code into a URL; the code is then executed in the context of the targeted user's browser.

Affected Installs

All 1.5.x installs prior to and including 1.5.11 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.12 or newer).

Reported by Paul Boekholt (Byte Internet)

Contact

The JSST at the Joomla! Security Center.

 
[20090604] - Core - Frontend XSS - HTTP_REFERER not properly filtered
Tuesday, 01 December 2009 04:30
  • Project: Joomla!
  • SubProject: Site client
  • Severity: Moderate
  • Versions: 1.5.11 and all previous 1.5 releases
  • Exploit type: XSS
  • Reported Date: 2009-June-30
  • Fixed Date: 2009-June-30

Description

An attacker can inject JavaScript or DHTML code that will be executed in the context of the targeted user's browser, allowing the attacker to steal cookies. The HTTP_REFERER variable is not properly parsed.

Affected Installs

All 1.5.x installs prior to and including 1.5.11 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.12 or newer).

Reported by Juan Galiana Lara (Internet Security Auditors)

Contact

The JSST at the Joomla! Security Center.

 