The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla! Core

vulnerability announce CVE-2018-6376 CVE-2018-6377 CVE-2018-6379

Joomla Core: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights, data reading, data creation/edition, data deletion.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 30/01/2018.
Identifiers: CVE-2018-6376, CVE-2018-6377, CVE-2018-6379, CVE-2018-6380, VIGILANCE-VUL-25182.

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-14596 CVE-2017-16633 CVE-2017-16634

Joomla Core: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 07/11/2017.
Identifiers: CERTFR-2017-AVI-396, CVE-2017-14596, CVE-2017-16633, CVE-2017-16634, VIGILANCE-VUL-24371.

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.

computer vulnerability CVE-2017-14595 CVE-2017-14596

Joomla Core: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core, Synology DSM, Synology DS***, Synology RS***.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/09/2017.
Identifiers: CERTFR-2017-AVI-315, CVE-2017-14595, CVE-2017-14596, Synology-SA-17:55, VIGILANCE-VUL-23875.

Description of the vulnerability

Several vulnerabilities were announced in Joomla Core.

An attacker can bypass security features via Intro Text, in order to obtain sensitive information. [severity:2/4; CVE-2017-14595]

An attacker can bypass security features via Username/Password, in order to obtain sensitive information. [severity:2/4; CVE-2017-14596]

computer vulnerability alert CVE-2017-11364 CVE-2017-11612

Joomla Core: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: privileged access/rights, client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 26/07/2017.
Identifiers: CERTFR-2017-AVI-235, CVE-2017-11364, CVE-2017-11612, VIGILANCE-VUL-23366.

Description of the vulnerability

Several vulnerabilities were announced in Joomla Core.

An attacker can bypass security features via Installer, in order to escalate his privileges. [severity:2/4; CVE-2017-11364]

An attacker can trigger a Cross Site Scripting via HTML Tags, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2017-11612]

vulnerability CVE-2017-7985 CVE-2017-9933 CVE-2017-9934

Joomla: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 04/07/2017.
Identifiers: CERTFR-2017-AVI-201, CVE-2017-7985, CVE-2017-9933, CVE-2017-9934, VIGILANCE-VUL-23130.

Description of the vulnerability

Several vulnerabilities were announced in Joomla.

An attacker can bypass security features via Form Contents, in order to obtain sensitive information. [severity:2/4; CVE-2017-9933]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2017-9934]

An attacker can trigger a Cross Site Scripting via Multibyte Characters, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2017-7985]

computer vulnerability announce CVE-2017-8917

Joomla Core: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla Core, in order to read or alter data.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 18/05/2017.
Revision date: 22/05/2017.
Identifiers: CERTFR-2017-AVI-159, CVE-2017-8917, VIGILANCE-VUL-22757.

Description of the vulnerability

The Joomla Core product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in Joomla Core, in order to read or alter data.

vulnerability announce CVE-2017-7983 CVE-2017-7984 CVE-2017-7985

Joomla Core: eight vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 26/04/2017.
Identifiers: CERTFR-2017-AVI-201, CVE-2017-7983, CVE-2017-7984, CVE-2017-7985, CVE-2017-7986, CVE-2017-7987, CVE-2017-7988, CVE-2017-7989, CVE-2017-8057, VIGILANCE-VUL-22562.

Description of the vulnerability

Several vulnerabilities were announced in Joomla Core.

An attacker can bypass security features via PHPMailer Version, in order to obtain sensitive information. [severity:1/4; CVE-2017-7983]

An attacker can trigger a Cross Site Scripting via Template Manager Component, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2017-7984]

An attacker can trigger a Cross Site Scripting via Multibyte Characters, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2017-7985]

An attacker can trigger a Cross Site Scripting via HTML Attributes, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2017-7986]

An attacker can trigger a Cross Site Scripting via Template Manager, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2017-7987]

An attacker can bypass security features via ACL Violations, in order to escalate his privileges. [severity:2/4; CVE-2017-7988]

An attacker can bypass security features via ACL Violations, in order to escalate his privileges. [severity:1/4; CVE-2017-7989]

An attacker can bypass security features via Full Path, in order to obtain sensitive information. [severity:2/4; CVE-2017-8057]

vulnerability bulletin CVE-2016-10033

PHPMailer: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of PHPMailer, in order to run code.
Impacted products: Debian, Drupal Modules ~ not comprehensive, BIG-IP Hardware, TMOS, Fedora, Joomla! Core, Joomla Extensions ~ not comprehensive, Synology DSM, Synology DS***, Synology RS***, Unix (platform) ~ not comprehensive, WordPress Core.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 29/12/2016.
Revision date: 27/01/2017.
Identifiers: CVE-2016-10033, DLA-770-1, DLA-770-2, DRUPAL-SA-CONTRIB-2017-005, DRUPAL-SA-PSA-2016-004, DSA-3750-1, DSA-3750-2, FEDORA-2016-6941d25875, FEDORA-2017-c3dc97e1e1, K74977440, VIGILANCE-VUL-21463.

Description of the vulnerability

An attacker can use a vulnerability of PHPMailer, in order to run code.

vulnerability announce CVE-2016-10045

PHPMailer: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of PHPMailer, in order to run code.
Impacted products: BIG-IP Hardware, TMOS, Fedora, Joomla! Core, Joomla Extensions ~ not comprehensive, Synology DSM, Synology DS***, Synology RS***, TYPO3 Extensions ~ not comprehensive, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 29/12/2016.
Revision date: 04/01/2017.
Identifiers: CVE-2016-10045, FEDORA-2016-6941d25875, FEDORA-2017-c3dc97e1e1, K73926196, TYPO3-EXT-SA-2017-004, TYPO3-EXT-SA-2017-005, TYPO3-EXT-SA-2017-006, VIGILANCE-VUL-21482.

Description of the vulnerability

An attacker can use a vulnerability of PHPMailer, in order to run code.

vulnerability announce CVE-2016-9837 CVE-2016-9838

Joomla Core: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 14/12/2016.
Identifiers: CERTFR-2016-AVI-419, CVE-2016-9837, CVE-2016-9838, VIGILANCE-VUL-21382.

Description of the vulnerability

Several vulnerabilities were announced in Joomla Core.

An attacker can bypass security features via Session Data, in order to escalate his privileges. [severity:3/4; CVE-2016-9838]

An attacker can bypass security features via Beez3 com_content, in order to obtain sensitive information. [severity:2/4; CVE-2016-9837]

An attacker can bypass security features, in order to escalate his privileges. [severity:1/4]