Rumah Belajar Indonesia

Using Extensions

! Developer Network - Security News

! - the dynamic portal engine and content management system
  1. [20120307] - Core - Information Disclosure
    • Project: !
    • SubProject: All
    • Severity: Low
    • Versions: 2.5.3 and all earlier 2.5.x versions
    • Exploit type: Information Disclosure
    • Reported Date: 2012-January-7
    • Fixed Date: 2012-April-2

    Description

    Inadequate permission checking allows unauthorised viewing of some administrative back end information.

    Affected Installs

    ! versions 2.5.3 and all earlier 2.5.x versions

    Solution

    Upgrade to version 2.5.4

    Reported by Cyrille Barthelemy

    Contact

    The JSST at the ! Security Center.

  2. [20120308] - Core - XSS Vulnerability
    • Project: !
    • SubProject: All
    • Severity: Low
    • Versions: 2.5.3 and all earlier 2.5.x versions
    • Exploit type: XSS Vulnerability
    • Reported Date: 2012-February-3
    • Fixed Date: 2012-April-2

    Description

    Inadequate filtering in update manager leads to XSS vulnerability.

    Affected Installs

    ! versions 2.5.3 and all earlier 2.5.x versions

    Solution

    Upgrade to version 2.5.4

    Reported by Alex Andreae

    Contact

    The JSST at the ! Security Center.

  3. [20120305] - Core - Password Change
    • Project: !
    • SubProject: All
    • Severity: High
    • Versions: 1.5.25 and all earlier 1.5.x versions
    • Exploit type: Password Change
    • Reported Date: 2012-March-8
    • Fixed Date: 2012-March-27

    Description

    Insufficient randomness leads to password reset vulnerability.

    Affected Installs

    ! versions 1.5.25 and all earlier 1.5.x versions

    Solution

    Upgrade to version 1.5.26

    Reported by George Argyros and Aggelos Kiayias

    Contact

    The JSST at the ! Security Center.

  4. [20120306] - Core - Information Disclosure
    • Project: !
    • SubProject: All
    • Severity: Low
    • Versions: 1.5.25 and all earlier 1.5.x versions
    • Exploit type: Information Disclosure
    • Reported Date: 2012-January-7
    • Fixed Date: 2012-March-27

    Description

    Inadequate permission checking allows unauthorised viewing of administrative back end information.

    Affected Installs

    ! versions 1.5.25 and all earlier 1.5.x versions

    Solution

    Upgrade to version 1.5.26

    Reported by Cyrille Barthelemy

    Contact

    The JSST at the ! Security Center.

  5. [20120304] - Core - Password Change
    • Project: !
    • SubProject: All
    • Severity: High
    • Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
    • Exploit type: Password Change
    • Reported Date: 2012-March-8
    • Fixed Date: 2012-March-15

    Description

    Insufficient randomness leads to password reset vulnerability.

    Affected Installs

    ! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions

    Solution

    Upgrade to version 2.5.3

    Reported by George Argyros and Aggelos Kiayias

    Contact

    The JSST at the ! Security Center.

 
 
You are here: Home enc-user rambo es