Blog

[20200706] – Core – System Information screen could expose redis or proxy credentials

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0-3.9.19
Exploit type: Information Disclosure
Reported Date: 2020-Jun-17
Fixed Date: 2020-July-14
CVE Number: CVE-2020-15698

Description
Inadequate filtering in the system infor…


July 14, 2020

[20200705] – Core – Escape mod_random_image link

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0-3.9.19
Exploit type: XSS
Reported Date: 2020-Jun-08
Fixed Date: 2020-July-14
CVE Number: CVE-2020-15696

Description
Lack of input filtering and escaping allows XSS attacks in …


July 14, 2020

[20200704] – Core – Variable tampering via user table class

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0-3.9.19
Exploit type: Incorrect Access Control
Reported Date: 2020-Jun-02
Fixed Date: 2020-July-14
CVE Number: CVE-2020-15697

Description
Internal read-only fields in the User …


July 14, 2020

[20200703] – Core – CSRF in com_privacy remove-request feature

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.9.0-3.9.19
Exploit type: CSRF
Reported Date: 2020-May-07
Fixed Date: 2020-July-14
CVE Number: CVE-2020-15695

Description
A missing token check in the remove request section of com…


July 14, 2020

[20200702] – Core – Missing checks can lead to a broken usergroups table record

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 2.5.0-3.9.19
Exploit type: Incorrect Access Control
Reported Date: 2020-April-04
Fixed Date: 2020-July-14
CVE Number: CVE-2020-15699

Description
Missing validation checks at th…


July 14, 2020

[20200701] – Core – CSRF in com_installer ajax_install endpoint

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.7.0-3.9.19
Exploit type: CSRF
Reported Date: 2020-May-07
Fixed Date: 2020-July-14
CVE Number: CVE-2020-XXXXX

Description
A missing token check in the ajax_install endpoint com_ins…
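Both CSRF advisories above ([20200703] and [20200701]) describe the same defect class: a state-changing controller task that never verifies the session's form token, so a request forged from another origin is honoured as long as the victim's Joomla session cookie rides along. The following is an added example, not code from the Joomla project or from either advisory: a minimal Joomla 3.8+ controller with the vulnerable task beside the hardened one. `ExampleController`, the `Example` model and `com_example` are hypothetical names; `Session::checkToken()`, `Text::_()`, `$this->input` and the `JINVALID_TOKEN` language key are real Joomla 3.x API.

```php
<?php
// Added example (not Joomla core code): the missing CSRF token check the
// advisories describe, and the fix. Component, controller and model names
// are hypothetical; the Joomla classes used exist in 3.8+ namespaced form.

defined('_JEXEC') or die;

use Joomla\CMS\Language\Text;
use Joomla\CMS\MVC\Controller\BaseController;
use Joomla\CMS\Session\Session;

class ExampleController extends BaseController
{
    // VULNERABLE: the only thing gating this state change is the session
    // cookie, which the browser attaches to a cross-site form post or
    // image/XHR request automatically. Any site the victim visits can
    // trigger a removal for an id of the attacker's choosing.
    public function removeVulnerable()
    {
        $id = $this->input->getInt('id');
        $this->getModel('Example')->remove($id); // hypothetical model method
        $this->setRedirect('index.php?option=com_example');
    }

    // HARDENED: refuse the request unless it carries the per-session form
    // token. checkToken() reads the token from POST by default; 'get' covers
    // links and 'request' accepts either. It also honours the X-CSRF-Token
    // request header, which is what AJAX callers should send.
    public function remove()
    {
        if (!Session::checkToken('request')) {
            throw new \RuntimeException(Text::_('JINVALID_TOKEN'), 403);
        }

        $id = $this->input->getInt('id');
        $this->getModel('Example')->remove($id); // hypothetical model method
        $this->setRedirect('index.php?option=com_example');
    }
}
```

On the emitting side the token has to be present for the check to pass: in a form template `echo HTMLHelper::_('form.token');` renders the hidden field, a link can append `Session::getFormToken() . '=1'` to its query string, and an AJAX endpoint such as the `ajax_install` one in [20200701] should receive the value of `Session::getFormToken()` in an `X-CSRF-Token` header. The token is bound to the session, so a page on another origin cannot read or guess it, which is exactly the property the vulnerable task lacks.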


July 14, 2020

[local] Windscribe 1.83 – ‘WindscribeService’ Unquoted Service Path


June 26, 2020

[local] KiteService 1.2020.618.0 – Unquoted Service Path


June 26, 2020

[webapps] OpenEMR 5.0.1 – ‘controller’ Remote Code Execution


June 26, 2020

[remote] mySCADA myPRO 7 – Hardcoded Credentials


June 25, 2020