Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-February-26
Fixed Date: 2013-April-24
CVE Number: CVE-2013-3059

Description
Inadequate filtering leads to XSS vulnerability in Voting plugin.

Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.

Contact
The JSST at the Joomla! Security Center.

Reported By: Yannick Gaultier and Jeff Channell
Read more from the original source:
[20130405] – Core – XSS Vulnerability
Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-March-9
Fixed Date: 2013-April-24
CVE Number: CVE-2013-3058

Description
Inadequate filtering allows possibility of XSS exploit in some circumstances.

Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.

Contact
The JSST at the Joomla! Security Center.

Reported By: James Kettle
Continued here:
[20130403] – Core – XSS Vulnerability
Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-February-15
Fixed Date: 2013-April-24
CVE Number: None

Description
Use of old version of Flash-based file uploader leads to XSS vulnerability.

Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.

Contact
The JSST at the Joomla! Security Center.

Reported By: Reginaldo Silva
See more here:
[20130404] – Core – XSS Vulnerability
Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
Exploit type: Denial of service vulnerability
Reported Date: 2013-February-18
Fixed Date: 2013-April-24
CVE Number: CVE-2013-3242

Description
Object unserialize method leads to possible denial of service vulnerability.

Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.

Contact
The JSST at the Joomla! Security Center.

Reported By: Egidio Romano
Original post:
[20130406] – Core – DOS Vulnerability
Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-April-17
Fixed Date: 2013-April-24
CVE Number: CVE-2013-3267

Description
Inadequate filtering leads to XSS vulnerability in highlighter plugin.

Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.

Contact
The JSST at the Joomla! Security Center.

Reported By: Vertical Pigeon
Read the original post:
[20130407] – Core – XSS Vulnerability
This extension displays IP address locations within Google Map(s). It takes the ideas from a Joomla 1.5 extension, Visitors Google Map Lite by Serdar Gokkus, and builds upon the capability in a number of ways. It provides full Joomla 2.5 compatibility and implements a fully functional back end component. It is possible to store IP addresses against specified ‘reasons’ and display these upon a Google Map based upon the specified reasons. The developer uses it to display ‘spam’ and ‘invalid logon’ attempts on the site to better understand the source of the ‘attacks’.

The component displays the information upon Google Maps accessed through a configurable mapper module on the front end of the site. Multiple instances of the module can be used on the site. It uses Google Map API V3 and the IP geolocation API of IPInfoDB. In some circumstances the IPInfoDB information is not available, and in these instances it obtains the IP geolocation from Geobytes as a backup.

There are three distinct means of deriving the IP addresses to map:
1. Manual entry of an IP address.
2. Obtain IP addresses from Akeeba Admin Tools Pro Web Application Firewall log.
3. IP addresses of site visitors.

Site visitor information can be captured by a ‘visitor agent’ module and stored within the component database table. These entries are dynamically controlled to ensure that the visitor IP addresses are only stored for the required time before being removed from the database table.

Features of the component:
1. Google Map API V3 is used so no Google API KEY is required.
2. Clustering of existing markers.
3. Multiple map displays can be presented upon a single web page.
4. Size of maps is configurable.
5. Ability to load IP addresses from Akeeba Admin Tools Pro Web Application Firewall log.
6. Manual entry of IP addresses.
7. Private IP address ranges excluded from the search of the Geolocation sources.

This extension comprises a Joomla administrator component and two modules.

com_ipmapping: This component provides control over the contents of the database tables and permits addition and modification of entries.

mod_ipmapping_mapper: This module is responsible for the display of the Google Map(s) in the desired module position(s). It also makes use of the Google Closure compiler.

mod_ipmapping_visitoragent: This module is responsible for updating visitor information in the component database table.

Excerpt from:
IP Mapping
Over the last few months, the Platform team of maintainers and developers have been talking about future directions. One of our goals for this year is to introduce namespacing. This has been a very large undertaking and as work has progressed, it became obvious that backward compatibility was going to be a constant battle. One of the negative side-effects of this would be that the Joomla CMS wouldn’t be able to use the planned 13.1 release of the Platform for some time if we introduced namespacing in that version. After a lot of discussion both internally and with other developers in the community, in order to address the problem, as well as to take advantage of some new opportunities, we’ve decided to make some changes to the Platform.
Original post:
The New Joomla Framework
AutoTweetNG for EasyBlog posts from Joomla to social channels like Twitter, Facebook, LinkedIn and more. AutoTweetNG plugin for EasyBlog publishes your articles to social networks via AutoTweet NG. The plugin requires AutoTweetNG. AutoTweetNG product series posts title, text, images and url for new Joomla articles, forum posts etc. automatically as status messages to Twitter, Facebook and E-Mail accounts. AutoTweet is a great hub to integrate your blog with the world. We’ve developed this extension to integrate EasyBlog and AutoTweetNG.

Features
* New or updated articles from your blog are published to Facebook, Twitter, LinkedIn, etc.
* Comments from your article are published to Facebook, Twitter, LinkedIn, etc.
* Also, replies can be posted.
* Autopublish / Manual approval
* Comment and Reply templates
* Numbers of characters restriction
* Message Format: Title, and Image
* Show URL
* Show categories
* Show categories as hashtag
* Use title or text
* Advanced: Source for title/text, Metakey/Tag count, Static text, and Position for text.
* Filters by Categories (Included/Excluded) or User

Change Log
Version 6.4.0 – B1: First compatible version for “Joomla 2.5/3”
Version 6.3.0: Initial Release

Read the original here:
AutoTweetNG for EasyBlog
Following are the meeting notes from the Production Leadership Team meeting held in February 2013.
Read more:
PLT Meeting Notes – February 2013
The Joomla Platform Maintainers would like your feedback about whether, as a community, we want to change the license under which the Joomla Platform is released to the LGPL. It is felt that in moving to the LGPL, we will be able to allow more people to integrate the Joomla Platform with their software solutions, and that will translate to an increase in support for the Joomla project overall. Please give your feedback via the Joomla Platform LGPL Survey. This survey will remain open until 2 January 2013. After the feedback is collected and reviewed, we will publish the results in a consolidated form and make a determination about what the next steps, if any, will be. Please note, the feedback relates only to the license of the Joomla Platform. There is no proposal to change the license of the Joomla CMS. The Joomla Platform Maintainers thank you in advance for your valued feedback.
Read more:
Joomla Platform LGPL Survey