Browsing tag
Joomla, one of the most popular Open-source content management systems (CMS), last week announced a new data breach impacting 2,700 users who have an account with its resources directory (JRD) website, i.e., resources.joomla.org. The breach exposed affected users’ personal information, such as full names, business addresses, email addresses, phone numbers, and encrypted passwords. The company […]
A vulnerability testing specialist just revealed a zero-day vulnerability in versions of Joomla, the popular content management system (CMS) launched between September 2012 and December 2015. The vulnerability could reportedly pose a severe risk to thousands of websites worldwide. This flaw may seem too old, but in the case of Joomla! this might be irrelevant, […]
Vulnerability testing specialists have reported the presence of an unpatched zero-day vulnerability in the software of phpMyAdmin, one of the world’s most widely used MySQL and MariaDB database management applications. In addition to reporting the vulnerability, the experts published some details of the proof-of-concept for its exploitation. As mentioned before, phpMyAdmin is a free and […]
Web application security testing experts report that sites running Drupal, Joomla or TYPO3 are exposed to multiple variants of cyberattacks due to a vulnerability that hackers might exploit to run malicious code; patches to fix this bug have just been released, so web site administrators are encouraged to install corrections immediately. The vulnerability lies in PharStreamWrapper, an […]
Apparently, the malware attack is carried out by Russian speaking hackers. The IT security researchers at Zscaler have discovered a sophisticated malware campaign targeting websites based on WordPress and Joomla content management system (CMS). The campaign works in such a way that hackers take advantage of a hidden directory on HTTPS and exploit vulnerabilities in extensions, plugins, and themes […]
Since the web 2.0 development has become the common way to present a website to users these days, the manual programming of websites has been now old school. Most websites use a Content Management System backend to manage the publishing of the website’s frontend. One such mainstream CMS is Joomla, which has slowly but surely […]
Scan WordPress, Drupal, Joomla, vBulletin websites for Security issues. CMSScan provides a centralized Security Dashboard for CMS Security scans. It is powered by wpscan, droopescan, vbscan and joomscan. It supports both on demand and scheduled scans and has the ability to sent email reports. Install # Requires ruby, ruby-dev, gem, python3 and git git clone […]
Tool to identify if a domain is a CMS such as WordPress, Moodle, Joomla, Drupal or Prestashop. Use python cmssc4n.py -h _____ __ __ _____ _ _ / ____| / |/ ____| | || | | | | / | (___ ___ ___| || |_ _ __ | | | |/| |___ / __|/ __|__ […]
Researchers at RIPS Technologies discovered a login page vulnerability affecting Joomla versions between 1.5 and 3.7.5 that exposes admin credentials. Experts at RIPS Technologies discovered a login page flaw affecting Joomla versions between 1.5 and 3.7.5 that exposes admin credentials. The flaw affects Joomla installs when using Lightweight Directory Access Protocol (LDAP) authentication. Joomla implements LDAP access via TCP/IP […]
A critical SQL Injection Vulnerability( CVE-2017-8917) with Joomla! 3.7, if you are Joomla user it’s you need to update immediately. Joomla! is a content management system (CMS), that allows you to make websites and powerful on-line applications. A content management system software that keeps track of each piece of content on your internet site, very like […]
Latest Joomla Security Update Joomla Security Update 3.7.1 is now available. this is a security release for the 3.x series of Joomla! Which addresses one crucial safety flaw and several worm fixes. Joomla is a unfastened and open-source content management machine (CMS) for publishing internet content material. it is built on a version–view–controller internet application framework […]
Based on statistical data gathered by Sucuri from 7,937 compromised websites, WordPress, Joomla, and Magento, in this order, continued to be the most hacked CMS platforms in the third quarter of 2016 (months of July, August, and September). Among all hacked websites, 74% ran WordPress, which isn’t surprising if we take into account the CMS’ […]
The Joomla Project released version 3.6.5 of the Joomla CMS that addresses three security bugs, of which one can allow attackers to take over vulnerable sites. If this wasn’t bad enough, this vulnerability, tracked as CVE-2016-9838, affects all Joomla versions released in the past five years. More accurately, CVE-2016-9838 affects all sites running Joomla 1.6.0 […]
Patch to drop 1400 UTC, Tuesday. And the haste of its release suggests this is scary. The world’s second-favourite content management system, Joomla!, is warning of a critical security hole so bad its developers aren’t saying what it fixes. The Register understands a patch for the mystery hole will take the name of version 3.6.4 […]
Wave of attacks grows. Researchers advise sites to install just-released patch. Attackers are actively exploiting a critical remote command-execution vulnerability that has plagued the Joomla content management system for almost eight years, security researchers said. A patch for the vulnerability, which affects versions 1.5 through 3.4.5, was released Monday morning. It was too late: the bug […]
Our Remediation and Research teams are in constant communication and collaboration. It’s how we stay ahead of the latest threats, but it also presents an opportunity to identify interesting threats that aren’t new but may be reoccuring. Such as today’s post, in which we explore a case we shared close to two years ago where […]
Joomla on Thursday released a new version of its content management system, 3,4,5, that addresses a critical SQL injection vulnerability that could have let attackers gain access to data in the backend of any site running on the platform. The bug existed in versions 3.2 to 4.4.4 of the CMS, and would have to be combined […]