If you use the com object below, you can upgrade your site in one click, and it will monitor Joomla for the latest and greatest.
Warning: If you hacked any core it will be overwritten.

com_joomlaupdaterv1.4.0.zip

Ozzie

On Sat, Jan 10, 2009 at 9:19 AM, Donna Marie Vincent <[email protected]> wrote:
>
> ----- Forwarded Message ----
> From: Joomla! Developer - Vulnerability News <[email protected]>
> To: [email protected]
> Sent: Saturday, January 10, 2009 8:42:43 AM
> Subject: Joomla! Security News
>
> Joomla! Security News
>
> [20090102] - Core - plg_xstandard Directory Traversal
>
> Posted: 09 Jan 2009 08:22 AM PST
>
> Project: Joomla!
> SubProject: plg_xstandard
> Severity: High
> Versions: 1.5.8 and all previous 1.5 releases
> Exploit type: Directory Traversal
> Reported Date: 2009-January-7
> Fixed Date: 2009-January-9
>
> Description
>
> A crafted request can cause disclosure of the directory structure on the
> server (including any directory that php has access to).
>
> Affected Installs
>
> All 1.5.x installs prior to and including 1.5.8 are affected.
>
> Solution
>
> Upgrade to latest Joomla! version (1.5.9 or newer).
>
> Contact
>
> The JSST at the Joomla! Security Center.
>
> [20090101] - Core - JSession SSL Session Disclosure
>
> Posted: 09 Jan 2009 08:12 AM PST
>
> Project: Joomla!
> SubProject: framework
> Severity: Low
> Versions: 1.5.8 and all previous 1.5 releases
> Exploit type: Session Hijacking/
> Reported Date: 2008-November-20
> Fixed Date: 2009-January-9
>
> Description
>
> When running a site under SSL ONLY (the entire site is forced to be under
> ssl), Joomla! does not set the SSL flag on the cookie. This can allow
> someone monitoring the network to find the cookie related to the session.
> Please note that all data is still transferred securely.
>
> Affected Installs
>
> 1.5.8 and lower installs which are run with SSL only (no non-ssl access).
>
> Solution
>
> Upgrade to latest Joomla! version (1.5.8 or newer), and set force_ssl in
> global configuration. Alternatively, the php setting session.secure_cookie
> can be set in .htaccess or php.ini. Joomla! (all versions) will respect
> this setting.
>
> Reported By Hanno Boeck
>
> Contact
>
> The JSST at the Joomla! Security Center.
>
> _______________________________________________
> New York PHP SIG: Joomla! Mailing List
> http://lists.nyphp.org/mailman/listinfo/joomla
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
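
The JSession advisory quoted above comes down to a session cookie issued on an SSL-only site without the Secure attribute. As an added example (not part of the original message and not Joomla! code), the following Python parses response header lines and lists the cookies that lack that attribute; the header lines, cookie names and function names are constructed for illustration.

```python
# Added example: audit Set-Cookie headers from an HTTPS-only site for the Secure attribute.
# SAMPLE_HEADERS is constructed sample data, not captured from a real site.

SAMPLE_HEADERS = [
    "Set-Cookie: 0123456789abcdef0123456789abcdef=sessvalue1; path=/",
    "Set-Cookie: tracking=abc; Path=/; Secure; HttpOnly",
    "Content-Type: text/html; charset=utf-8",
    "Set-Cookie: lang=en; path=/; secure",
]


def parse_set_cookie(line):
    """Return (name, attributes) for a Set-Cookie header line, or None for other headers."""
    field, _, value = line.partition(":")
    if field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    # Attribute names are case-insensitive; flags such as Secure carry no value.
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookies_missing_secure(header_lines):
    """Names of cookies that a browser would also send over plain HTTP."""
    missing = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed and "secure" not in parsed[1]:
            missing.append(parsed[0])
    return missing


if __name__ == "__main__":
    for name in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"cookie {name!r} is set without the Secure attribute")
```

Running the same check against the response headers of a site's own HTTPS login page before and after the upgrade shows whether the session cookie now carries the attribute.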

