Allele Security Intelligence

Efficient information security services

Tag: Joomla

ASA-2019-00136 – Joomla: Missing ACL check in sample data plugins

Posted on March 14, 2019 by Allele Security Intelligence in Alerts

The sample data plugins lack ACL checks, allowing unauthorized access.

Tagged ASA-2019-00136, CVE-2019-9713, Joomla, Missing ACL

ASA-2019-00135 – Joomla: Cross-Site Scripting (XSS) in media form field

Posted on March 14, 2019 by Allele Security Intelligence in Alerts

The media form field lacks escaping, leading to a Cross-Site Scripting (XSS) vulnerability.

Tagged ASA-2019-00135, Cross-Site Scripting, Cross-Site Scripting (XSS), CVE-2019-9714, Joomla

ASA-2019-00134 – Joomla: Cross-Site Scripting (XSS) in item_title layout

Posted on March 14, 2019 by Allele Security Intelligence in Alerts

The item_title layout in edit views lacks escaping, leading to a Cross-Site Scripting (XSS) vulnerability.

Tagged ASA-2019-00134, Cross-Site Scripting, Cross-Site Scripting (XSS), CVE-2019-9711, Joomla

ASA-2019-00133 – Joomla: Cross-Site Scripting (XSS) in com_config JSON handler

Posted on March 14, 2019 by Allele Security Intelligence in Alerts

The JSON handler in com_config lacks input validation, leading to an XSS vulnerability.

Tagged ASA-2019-00133, Cross-Site Scripting, Cross-Site Scripting (XSS), CVE-2019-9712, Joomla

ASA-2019-00081 – Joomla: Implement the TYPO3 PHAR stream wrapper

Posted on February 13, 2019 by Allele Security Intelligence in Alerts

The phar:// stream wrapper can be used for object injection attacks. We now disallow usage of the phar:// handler for non .phar-files within the CMS globally by implementing the TYPO3 PHAR stream wrapper.

Tagged ASA-2019-00081, CVE-2019-7743, Joomla, object injection

ASA-2019-00080 – Joomla: XSS Issue in core.js writeDynaList

Posted on February 13, 2019 by Allele Security Intelligence in Alerts

Inadequate parameter handling in JS code could lead to an XSS attack vector.

Tagged ASA-2019-00080, Cross-Site Scripting (XSS), CVE-2019-7740, Joomla

ASA-2019-00079 – Joomla: Stored XSS issue in the Global Configuration help url

Posted on February 13, 2019 by Allele Security Intelligence in Alerts

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.

Tagged ASA-2019-00079, Cross-Site Scripting, CVE-2019-7741, Joomla

ASA-2019-00078 – Joomla: Additional warning in the Global Configuration textfilter settings

Posted on February 13, 2019 by Allele Security Intelligence in Alerts

"No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected for the user. An additional message is now shown in the configuration dialog.

Tagged ASA-2019-00078, Cross-Site Scripting, CVE-2019-7739, Joomla
