Joomla Tutorial: 012 Create Survey’s and Polls – Video


Joomla Tutorial: 012 Create Survey's and Polls
Learn how to create surveys and polls in Joomla.

By: Siddique Hassan

Read more here:
Joomla Tutorial: 012 Create Survey's and Polls - Video

Joomla receives patches for zero-day SQL injection vulnerability, other flaws

Recently released security updates for the popular Joomla content management system (CMS) address a SQL injection vulnerability that poses a high risk and can be exploited to extract information from the databases of Joomla-based sites.

The Joomla Project released versions 3.2.3 and 2.5.19 of the open-source CMS Thursday. Both updates address two cross-site scripting (XSS) vulnerabilities in core components, but version 3.2.3 also patches a SQL injection flaw, publicly disclosed in early February, and an unauthorized log-in flaw in the Gmail-based authentication plug-in.

The Joomla advisory for the SQL injection vulnerability lacks technical details. It only notes that the flaw, whose severity is rated as high, stems from "inadequate escaping" and affects Joomla CMS versions 3.1.0 through 3.2.2.

However, security researchers from Web security firm Sucuri have linked the patch to a zero-day exploit that was published on the Internet on Feb. 6 and targets the weblinks-categories id parameter.

"I actually had one of our developers investigate [the patched vulnerability] for us and the flaw is the same one that was publicly released a month ago on exploit-db [an exploit listing website]," said Daniel Cid, Sucuri's CTO, Monday via email. "What really shocked us is that Joomla took almost a month to release a patch for it."

The Joomla Project did not immediately respond to a request for comment.

Successful exploitation of this vulnerability requires the affected site to use the Similar Tags module, researchers from vulnerability intelligence firm Secunia said in a security advisory. According to the official Joomla documentation, Similar Tags is one of the modules shipped by default with the CMS.

SQL injection is one of the most common types of flaws exploited by attackers to compromise websites. Depending on their specific technical details, these vulnerabilities allow attackers to inject rogue code into sites or steal sensitive data from their databases.

The SQL injection vulnerability recently patched by Joomla does not appear to allow code injection, just the manipulation of SELECT calls to extract information from the database, including user names and password hashes, Cid said.

This might explain why widespread attacks targeting the flaw have not been reported so far, even though an exploit for it has been available for over a month.
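The advisory's "inadequate escaping" wording describes a familiar defect: a request parameter is pasted into the text of a SELECT statement instead of being validated and bound as a value. The script below is an added illustration in Python with sqlite3; it is not Joomla's code and not Sucuri's or Secunia's analysis. It shows the vulnerable pattern beside the hardened form (allow-list validation of the id plus a parameterised query) and a small log-triage check that flags requests whose id parameter would fail that allow-list. The table, its rows, the URL layout and the access-log lines are all constructed for the demo.

```python
"""Added example, not Joomla's code: the 'inadequate escaping' defect behind
an id-parameter SQL injection, the hardened pattern (allow-list validation
plus a parameterised query), and a log check for non-numeric id values.
The schema, rows, URL layout and log lines are constructed for the demo."""
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit


def make_db() -> sqlite3.Connection:
    """Constructed schema standing in for a CMS categories table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE categories (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO categories VALUES (?, ?)",
        [(1, "Links"), (2, "Partners"), (3, "Internal")],
    )
    return conn


def category_titles_unsafe(conn: sqlite3.Connection, raw_id: str) -> list:
    """The defect: the request parameter becomes part of the statement text,
    so whatever the client sends is parsed as SQL rather than used as a value."""
    sql = "SELECT title FROM categories WHERE id = " + raw_id
    return [row[0] for row in conn.execute(sql)]


def unsafe_query_errors_on(conn: sqlite3.Connection, raw_id: str) -> bool:
    """True when the database rejects raw_id as SQL text, which shows the
    parameter reached the SQL parser instead of being treated as data."""
    try:
        category_titles_unsafe(conn, raw_id)
    except sqlite3.OperationalError:
        return True
    return False


def parse_id(raw_id: str):
    """Allow-list validation: a category id is a short string of ASCII digits
    and nothing else. Anything else is rejected before any SQL is built."""
    if re.fullmatch(r"[0-9]{1,10}", raw_id) is None:
        return None
    return int(raw_id)


def category_titles_safe(conn: sqlite3.Connection, raw_id: str) -> list:
    """Hardened form: validate, then bind the value with a placeholder so the
    driver never sees client input as part of the statement."""
    cid = parse_id(raw_id)
    if cid is None:
        return []
    rows = conn.execute("SELECT title FROM categories WHERE id = ?", (cid,))
    return [row[0] for row in rows]


# Constructed access-log lines. The query-string layout is an assumption for
# the demo, not Joomla's actual URL scheme.
SAMPLE_LOG = """\
10.0.0.5 - - [06/Feb/2014:10:01:12 +0000] "GET /index.php?option=com_weblinks&view=categories&id=2 HTTP/1.1" 200 4120
10.0.0.5 - - [06/Feb/2014:10:01:15 +0000] "GET /index.php?option=com_weblinks&view=categories&id=3 HTTP/1.1" 200 3980
10.0.0.9 - - [06/Feb/2014:10:02:40 +0000] "GET /index.php?option=com_weblinks&view=categories&id=2abc HTTP/1.1" 500 512
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+" (\d{3})')


def non_numeric_id_requests(log_text: str) -> list:
    """Triage helper: (client, id value, status) for every request whose id
    parameter fails the same allow-list the application should enforce."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m is None:
            continue
        client, path, status = m.groups()
        params = parse_qs(urlsplit(path).query)
        for value in params.get("id", []):
            if parse_id(value) is None:
                hits.append((client, value, int(status)))
    return hits


if __name__ == "__main__":
    db = make_db()
    print(category_titles_safe(db, "2"))                 # ['Partners']
    print(category_titles_safe(db, "2abc"))              # [] rejected before any SQL is built
    print(unsafe_query_errors_on(db, "2abc"))            # True: the parameter reached the parser
    print(non_numeric_id_requests(SAMPLE_LOG))           # [('10.0.0.9', '2abc', 500)]
```

The safe version fails closed: a value that is not a plain integer never reaches the database, and the value that does is bound as a parameter. The log check applies the same rule to recorded requests, which is a cheap way to spot probing against a known id parameter while a patch is being rolled out.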

See the rest here:
Joomla receives patches for zero-day SQL injection vulnerability, other flaws

Joomla receives patches for zero-day SQL injection vulnerability

Link:
Joomla receives patches for zero-day SQL injection vulnerability

Malaysia Airlines' lack of early word on missing plane angers many Beijing relatives

BEIJING - The anguished hours had turned into a day and a half. Fed up with awaiting word on the missing Malaysia Airlines plane, relatives of passengers in Beijing lashed out at the carrier with a handwritten ultimatum and an impromptu news conference.

From a room set aside at a hotel near the Beijing airport, a man with a black shirt emerged with a statement signed by about 100 of the relatives, saying that unless the carrier could give them some clarity, they would take their complaints to the Malaysian Embassy.

"We don't believe Malaysia Airlines anymore. Sorry everyone, we just don't believe them anymore," the man, who refused to give his name, told a crowd of reporters Sunday.

By this time, the airline already had dispatched dozens of caregivers to Beijing and assigned one to each family, provided accommodation, food, transport and financial assistance. It said it was providing regular updates despite a lack of information about the plane, which disappeared from radar while heading from Kuala Lumpur to Beijing.

But the initial disorder of Malaysia Airlines' response Saturday, and its lack of official contact with relatives in the early going set the tone for the ensuing hours of waiting.

"One of the most important things to remember here," said Frank Taylor, director of an aviation safety center at Cranfield University in Britain, "is that it's much easier to stand down staff after an initial over-reaction than to play catch-up after an initial under-reaction."

The relatives had expected the plane's arrival at 6:30 a.m. Saturday. About four hours later, a handwritten note was posted on a white board in the arrival hall advising relatives to use a shuttle service to go to the Lido Hotel to await information. "It can't be good," said one weeping woman aboard the first bus.

But when the family members got there, they wandered around lost and distressed before hotel staff, apparently unprepared, escorted them into a private area. It was several more hours before an airline spokesman made a brief statement to reporters, providing little information.

Faced with an emergency, the airline said it was doing all it can. The uncertainty over the plane's whereabouts was frustrating relatives, but also hindering the carrier's ability to respond: It's difficult to deliver a clear message with so much still unclear.

"We're literally trying to find out what happened and until you actually find the aircraft you have no way of knowing what actually went on there," the airline's commercial director Hugh Dunleavy told The Associated Press on Sunday. "Our main focus has been to come here, meet the families, give them as much information as we can but without raising false hopes."

Continue reading here:
Malaysia Airlines' lack of early word on missing plane angers many Beijing relatives

PRESS RELEASE: Ekotechnika GmbH: Creditreform adjusts rating outlook to 'watch'

DGAP-News: Ekotechnika GmbH / Key word(s): Bond Ekotechnika GmbH: Creditreform adjusts rating outlook to 'watch'

10.03.2014 / 12:00


Ekotechnika GmbH: Creditreform adjusts rating outlook to "watch"

Walldorf, 10 March 2014 - In view of the ongoing crisis in Crimea, the Ukrainian peninsula, Creditreform Rating AG has adjusted the rating of Ekotechnika GmbH from B (outlook: stable) to B (outlook: watch). Such adjustments were made for several companies which, like Ekotechnika, are active in Russia or Ukraine and which may be affected by potential sanctions or exchange rate effects resulting from the crisis.

From Ekotechnika's point of view, the current political crisis in Crimea has so far not had any material impact on sales of international agricultural machinery. As explained in the press release dated 6 March 2014 - which was published on the occasion of Creditreform's regular adjustment of Ekotechnika's rating -, a depreciation of the rouble has both positive and negative impacts on the figures of Ekotechnika. The risk of trade barriers for foreign agricultural equipment is considered to be low at present. As a precautionary measure, however, the company has discussed measures with all major suppliers to maintain adequate inventories on the one hand and to be prepared for a possible drop in demand on the other hand. Above and beyond this, the current crisis has led to the Russian government attaching even greater importance to a functioning agricultural sector. At the end of 2013, German national Stefan Dürr, majority shareholder of Ekotechnika, was additionally granted Russian nationality by the President in recognition of his achievements for Russia's agricultural industry. He maintains a regular exchange with political and economic decision-makers in order to secure positive conditions for the company's business activities.

About Ekotechnika

Walldorf-based Ekotechnika GmbH is the German holding company of the Ekoniva-Technika Group, the largest distributor of agricultural equipment in Russia. The company's single most important supplier is John Deere & Co., the world's leading manufacturer in this field. In addition, Ekotechnika sells equipment from another 11 market-leading manufacturers. Its main business is in selling new equipment such as tractors but also milking equipment and precision farming technology. In addition, the company sells spare parts and provides service and maintenance. Ekotechnika's founder and main shareholder is Stefan Dürr, who has been active in the Russian farming sector since the late eighties and has been instrumental in its modernisation over the past two decades. In 2011 the equipment business was separated from the farming business, which now operates independently under the name Ekosem-Agrar. Operating 12 locations in attractive Russian farming regions, Ekotechnika today employs 625 people and generates sales of EUR 212 million.

Contact

Ekotechnika GmbH // Johann-Jakob-Astor-Str. 49 // 69190 Walldorf // P: +49 (0) 6227 3 58 59 60 // E: presse@ekotechnika.de // http://www.ekotechnika.de

Read more from the original source:
PRESS RELEASE: Ekotechnika GmbH: Creditreform adjusts rating outlook to 'watch'