Security Flaws Patched in Joomla, Drupal

  • 22 October 2015

By Eduard Kovacs on October 22, 2015
 
The developers of the popular content management systems (CMSs) Joomla and Drupal have released updates that address various types of security vulnerabilities.

Drupal 7.41, released on Wednesday, patches an open redirect flaw that has been rated “less critical.” The security hole, which exists in the Overlay module of the Drupal core, affects all 7.x versions of the CMS prior to 7.41.

The developers of Joomla announced on Thursday the availability of version 3.4.5, which addresses several vulnerabilities and brings security improvements to the UploadShield system.
 
Joomla! Releases Security Update for CMS
Original release date: October 23, 2015 | Last revised: October 24, 2015
 
Joomla! has released version 3.4.5 of its Content Management System (CMS) software to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected website.
 
US-CERT encourages users and administrators to review the Joomla! Release News and US-CERT's Alert on Content Management Systems Security and Associated Risks and apply the necessary update.
 
Source: https://www.us-cert.gov/ncas/current-activity/2015/10/23/Joomla-Releases-Security-Update-CMS

If you have not patched Joomla, it is time you did.
 
By Eduard Kovacs on October 27, 2015
 
Within 24 hours of disclosure, Sucuri observed exploitation attempts against all the websites on its network. Researchers noticed two types of requests: ones designed to check if the website was running Joomla, and ones designed to exploit the SQL injection in an effort to obtain a valid admin user from the targeted site’s database. Many of these malicious requests came from the Tor anonymity network, experts noted.

The number of attempts detected by Sucuri increased considerably since the flaw was disclosed, reaching more than 12,000 daily hits by Monday. After a while, the attackers started sending out requests designed to determine if websites were running vulnerable versions of Joomla, most likely in an effort to increase chances of successful exploitation.
 