HelpSites

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Wednesday, August 13, 2008

Joomla! Password Reset/Remind Functionality vulnerability - update asap!

Posted on 5:43 AM by Unknown
There was a serious security vulnerability found in the popular CMS-software Joomla! (1.5.x, including 1.5.5).
The vulnerability/bug resides in the 'com_user/models/reset.php' where It allows an attacker to remotely change your Joomla administration password since it can reset the password for the first enabled user (admin user).



The exploit can be found here. It already affected a lot of Joomla! users. Example.
So if you are running Joomla! (1.5.x, including 1.5.5) then you should update asap to version 1.5.6 or newer.

More info here
Email ThisBlogThis!Share to XShare to Facebook
Posted in Exploits, hacks | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • 3 stubborn PC problems you can fix
    Copy from retired Microsoft at Work website (retired June 30, 2013), Copyright Microsoft.  3 stubborn PC problems you can fix Ever notice h...
  • Reminder for Forum owners
    This post is actually a reminder to my previous blog post http://miekiemoes.blogspot.com/2008/04/forum-owners-take-your-responsability.html ...
  • Forum owners - Take your responsibility!!
    After we had this , with a little update here , I'm still amazed how many website owners don't take responsibility. I was researchin...
  • Email-Worm.Win32.Locksky - new stubborn variant
    I was helping a user the other day where his computer was crippled with malware. We could successfully delete all other files, registry keys...
  • Beware Telenet.be users - Telenet.be phishing scam going around
    First of all - WOW! It has been ages I have blogged here ! I really should start to blog more often again. Work & life has kept me real ...
  • Miekiemoes rules ?? Yeah right...
    This is about the Searchengine Hijack I blogged about a couple of months ago. Files responsible for this hijack are sysaudio.sys or wdmaud...
  • Friendship
    The source of these images is unknown. They were in one of those forwarded emails -- you know, the type your friends are sure you will love...
  • Fake sysaudio.sys causes Searchengine Hijack
    What is this infection about... It actually loads a script, so searchengine results are loaded within a script. For example, when you resear...
  • 10 tips to help improve your wireless network
    Copy from the retired "Microsoft at Home" website (retired 30June2013), copyright Microsoft. 10 tips to help improve your wireless...
  • Joomla! Password Reset/Remind Functionality vulnerability - update asap!
    There was a serious security vulnerability found in the popular CMS-software Joomla! (1.5.x, including 1.5.5). The vulnerability/bug resides...

Categories

  • BlogTools
  • Compromised
  • databases
  • dogs
  • email
  • Exploits
  • Firefox
  • forums
  • Funny
  • hacks
  • Internet Explorer
  • Malware
  • Me
  • Mobile
  • Online Tools
  • Other
  • phish
  • Popups
  • Prevention
  • Rant
  • Recipe
  • Registry
  • Rogue
  • scam
  • Security Products
  • Slow computer
  • Software
  • spam
  • websites
  • Windows
  • Windows Update
  • Windows Vista

Blog Archive

  • ►  2013 (11)
    • ►  June (9)
    • ►  April (1)
    • ►  February (1)
  • ►  2012 (4)
    • ►  December (1)
    • ►  November (1)
    • ►  August (1)
    • ►  January (1)
  • ►  2011 (2)
    • ►  November (2)
  • ►  2010 (3)
    • ►  November (1)
    • ►  October (1)
    • ►  April (1)
  • ►  2009 (13)
    • ►  November (2)
    • ►  July (1)
    • ►  June (1)
    • ►  May (2)
    • ►  March (2)
    • ►  February (2)
    • ►  January (3)
  • ▼  2008 (71)
    • ►  December (1)
    • ►  November (8)
    • ►  October (5)
    • ►  September (5)
    • ▼  August (7)
      • Andromeda AV and AntiVirus PRO 2008 - new Rogue sc...
      • The Lists have moved
      • Your illegal internet activities are being logged
      • Joomla! Password Reset/Remind Functionality vulner...
      • Beware of fake email from Microsoft!
      • I don't use an Antivirus, because I have never bee...
      • In between message...
    • ►  July (5)
    • ►  June (12)
    • ►  May (8)
    • ►  April (6)
    • ►  March (5)
    • ►  February (9)
Powered by Blogger.

About Me

Unknown
View my complete profile