Cartika Company and Application News

Joomla Security Bulletin - February 1, 2012

Fri, 03 Feb 2012 16:56:43 +0000

Joomla! Security News

[20120201] - Core - Information Disclosure
[20120202] - Core - Information Disclosure
[20120203] - Core - Information Disclosure

[20120201] - Core - Information Disclosure
Posted: 01 Feb 2012 09:25 PM PST

2]Project: Joomla!

2]SubProject: All

2]Severity: Low

2]Versions: 2.5.0 and 1.7.0 - 1.7.4

2]Exploit type: Information Disclosure

2]Reported Date: 2012-January-29

2]Fixed Date: 2012-February-02

Description

Inadequate validation leads to information disclosure in administrator.
Affected Installs

Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution

Upgrade to version 1.7.5 or 2.5.1 or higher
Reported by Jakub Galczyk
Contact

The JSST at the Joomla! Security Center.
[20120202] - Core - Information Disclosure
Posted: 01 Feb 2012 09:25 PM PST

2]Project: Joomla!

2]SubProject: All

2]Severity: Moderate

2]Versions: 1.7.4 and all earlier 1.7.x versions

2]Exploit type: Information Disclosure

2]Reported Date: 2012-January-06

2]Fixed Date: 2012-February-02

Description

On some servers the error log could be read by unauthorised users.
Affected Installs

Joomla! version 1.7.4 and all earlier 1.7.x versions
Solution

Upgrade to version 2.5.1 or 1.7.5 or higher
Reported by Alain Rivest
Contact

The JSST at the Joomla! Security Center.
[20120203] - Core - Information Disclosure
Posted: 01 Feb 2012 09:25 PM PST

2]Project: Joomla!

2]SubProject: All

2]Severity: Low

2]Versions: 2.5.0 and 1.7.0 - 1.7.4

2]Exploit type: Information Disclosure

2]Reported Date: 2012-January-29

2]Fixed Date: 2012-February-02

Description

Inadequate validation leads to path disclosure in administrator.
Affected Installs

Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution

Upgrade to version 2.5.1 or 1.7.5 or higher
Reported by Jakub Galczyk
Contact

The JSST at the Joomla! Security Center.

Joomla Security Bulletin - January 25, 2012

Wed, 25 Jan 2012 15:40:59 +0000

[20120101] - Core - Information Disclosure
[20120102] - Core - XSS Vulnerability
[20120103] - Core - Information Disclosure
[20120104] - Core - XSS Vulnerability

[20120101] - Core - Information Disclosure

Posted: 23 Jan 2012 01:45 AM PST
Project: Joomla! SubProject: All Severity: Low Versions: 1.7.3 and all earlier 1.7 and 1.6 versions Exploit type: Information Disclosure Reported Date: 2012-January-07 Fixed Date: 2012-January-24 Description Inadequate filtering leads to information disclosure. Affected Installs Joomla! version 1.7.3 and all earlier versions Solution Upgrade to version 1.7.4 or 2.5.0 or higher Reported by Cyrille Barthelemy Contact The JSST at the Joomla! Security Center.

[20120102] - Core - XSS Vulnerability
Posted: 23 Jan 2012 01:45 AM PST
Project: Joomla! SubProject: All Severity: Moderate Versions: 1.7.3 and all earlier 1.7 and 1.6 versions Exploit type: XSS Vulnerability Reported Date: 2011-November-16 Fixed Date: 2012-January-24 Description Inadequate filtering leads to XSS vulnerability. Affected Installs Joomla! version 1.7.3 and all earlier versions Solution Upgrade to version 1.7.4 or 2.5.0 or higher Reported by Ankita Kapadia Contact The JSST at the Joomla! Security Center.

[20120103] - Core - Information Disclosure
Posted: 23 Jan 2012 01:45 AM PST
Project: Joomla! SubProject: All Severity: Low Versions: 1.7.3 and all earlier 1.7 and 1.6 versions Exploit type: Information Disclosure Reported Date: 2011-December-19 Fixed Date: 2012-January-24 Description Inadequate filtering leads to information disclosure. Affected Installs Joomla! version 1.7.3 and all earlier versions Solution Upgrade to version 1.7.4 or 2.5.0 or higher Reported by Jean-Marie Simonet Contact The JSST at the Joomla! Security Center.

[20120104] - Core - XSS Vulnerability
Posted: 23 Jan 2012 01:45 AM PST
Project: Joomla! SubProject: All Severity: Moderate Versions: 1.7.3 and all earlier versions Exploit type: XSS Vulnerability Reported Date: 2012-January-22 Fixed Date: 2012-January-24 Description Inadequate filtering leads to XSS vulnerability. Affected Installs Joomla! version 1.7.3 and all earlier 1.7 and 1.6 versions Solution Upgrade to version 1.7.4 or 2.5.0 or higher Reported by David Jardin Contact The JSST at the Joomla! Security Center.

Joomla Security Bulletin - November 14, 2011

Mon, 14 Nov 2011 15:48:51 +0000

[20111102] - Core - Password Change
[20111103] - Core - Password Change
[20111101] - Core - XSS Vulnerability

[20111102] - Core - Password Change

Posted: 14 Nov 2011 08:33 PM PST

Project: Joomla!
SubProject: All
Severity: High
Versions: 1.7.2 and all 1.6.x versions
Exploit type: Password Change
Reported Date: 2011-October-28
Fixed Date: 2011-November-14

Description

Weak random number generation during password reset leads to possibility of changing a user's password.
Affected Installs

Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions
Solution

Upgrade to the latest Joomla! version (1.7.3 or later)
Reported by David Jardin
Contact

The JSST at the Joomla! Security Center.
[20111103] - Core - Password Change
Posted: 14 Nov 2011 08:33 PM PST

Project: Joomla!
SubProject: All
Severity: High
Versions: 1.5.24 and all earlier 1.5 versions
Exploit type: Password Change
Reported Date: 2011-October-28
Fixed Date: 2011-November-14

Description

Weak random number generation during password reset leads to possibility of changing a user's password.
Affected Installs

Joomla! version 1.5.24 and all earlier 1.5 versions
Solution

Upgrade to the latest Joomla! 1.5 version (1.5.25 or later)
Reported by David Jardin
Contact

The JSST at the Joomla! Security Center.
[20111101] - Core - XSS Vulnerability
Posted: 14 Nov 2011 08:33 PM PST

Project: Joomla!
SubProject: All
Severity: Medium
Versions: 1.7.2 and all 1.6.x versions
Exploit type: XSS
Reported Date: 2011-October-21
Fixed Date: 2011-November-14

Description

Inadequate filtering leads to XSS vulnerability in back end.
Affected Installs

Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions
Solution

Upgrade to the latest Joomla! version (1.7.3 or later)
Reported by Corné Hannema
Contact

The JSST at the Joomla! Security Center.

Joomla Security Bulletin - October 17, 2011

Tue, 18 Oct 2011 14:12:52 +0000

[20111001] - Core - Information Disclosure
[20111002] - Core - Information Disclosure
[20111003] - Core - Information Disclosure

[20111001] - Core - Information Disclosure

Posted: 17 Oct 2011 01:59 PM PDT
Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.1
Exploit type: Information Disclosure
Reported Date: 2011-September-09
Fixed Date: 2011-October-17
Description

Weak encryption causes potential information disclosure.
Affected Installs

Joomla! version 1.7.1 and earlier
Solution

Upgrade to the latest Joomla! version (1.7.2 or later)
Reported by Jeff Channell
Contact

The JSST at the Joomla! Security Center.http://feeds.feedbur...tm_medium=email
[20111002] - Core - Information Disclosure
Posted: 17 Oct 2011 01:59 PM PDT
Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.1
Exploit type: Information Disclosure
Reported Date: 2011-August-02
Fixed Date: 2011-October-17
Description

Inadequate error checking causes potential information disclosure.

Affected Installs

Joomla! version 1.7.1 and earlier
Solution

Upgrade to the latest Joomla! version (1.7.2 or later)
Reported by Aung Khant, YGN Ethical Hacker Group
Contact

The JSST at the Joomla! Security Center.
[20111003] - Core - Information Disclosure
Posted: 17 Oct 2011 01:59 PM PDT
Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.5.23 and earlier
Exploit type: Information Disclosure
Reported Date: 2011-September-09
Fixed Date: 2011-October-17
Description

Weak encryption causes potential information disclosure.

Affected Installs
Joomla! version 1.5.23 and earlier
Solution

Upgrade to the latest Joomla! version (1.5.24 or later)
Reported by Jeff Channell
Contact

The JSST at the Joomla! Security Center.

Spamexperts releases a Press release naming Cartika as a key strategic partner

Mon, 17 Oct 2011 16:16:29 +0000

SpamExperts and Cartika IT Solutions team up under the SpamExperts' Hosting Partner Program

Amsterdam – October 11, 2011 – SpamExperts, the leading provider of e-mail security products from Amsterdam, happily announced today that Cartika has joined their Hosting Partner Program (HPP). Cartika, founded in Toronto, has established itself as a leader in Application Hosting and Hosting Technologies. As their home grown solutions and several appliances did not solve the predicaments caused by spam emails, Cartika implemented SpamExperts' centralized solutions which seamlessly integrated into their existing systems.

SpamExperts concentrates specifically on providing professional email security solutions for ISPs and webhosts. With over 6 years experience and determination, SpamExperts is safeguarding more than 50 million inboxes and is filtering more than 1.2 million domains worldwide. SpamExperts' services entail Incoming -and Outgoing Email Filtering and Email Archiving, which are available in the cloud or on premises.

According to Andrew Rouchotas, CEO of Cartika Inc., SpamExperts is very intriguing for webhosts. „The Spamexperts product is a very intriguing one for service providers. It is delivered in a manner which demonstrates their understanding of this market. Key value adds such as high
availability between our facilities, ability to install this solution on our existing hardware standards, a massive API to allow seamless integration into our systems and IPv6 support make this solution a no brainer for the service provider industry.“

„We are happy to join forces with such an innovative company such as Cartika.“ says Sam Renkema, CEO of SpamExperts. „Cartika shares our dedication to value creation for our clients. We both clearly understand our market which makes it very favorable for us to work together in order to increase the satisfaction of Cartika's clients. We expect that our joint partnership with Cartika will be one to last for many more years.“

About the HPP
The benefits of participating in SpamExperts' HPP are manifold. As a SpamExperts Hosting Partner your business will receive first class marketing support, multiple bulk discounts, joint press releases and publicity, lead referrals for smaller clients and assistance in roll out and customer adoption. Who wouldn't want that? And yes, it is 100% free.
Interested customers can visit the following link for more information to become a SpamExperts partner: http://partners.spamexperts.com

About Cartika
Founded in Toronto, Canada in May 2000, Cartika Inc. has established itself as a leader in Application Hosting and Hosting Technologies. Advanced web hosting facilities and technologies, combined with intricate knowledge in several best of breed Open Source and Commercial Applications, Cartika can web enable your core business processes.

About SpamExperts
SpamExperts delivers managed email security in the cloud or on premises, tailored for webhosts: Incoming -, outgoing email filtering, and email archiving. Reduce churn, increase revenue, be 100% secure! Full API & standard integration and automation plugins for cPanel, Parallels products, DirectAdmin; Redundant, synchronized, and scalable; 4-Tier controlpanel; multi-level branding options; 24/7 support & SLAs; Fast release cycles and frequent updates! For more information about Spamexperts visit: www.spamexperts.com