Zero-day vulnerabilities discovered: 2
Remote PHP code execution
The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system.
The vulnerability exists due to insufficient filtration of HTTP User-Agent header and filter-search HTTP POST parameter before storing them into database. A remote unauthenticated attacker can permanently inject and execute arbitrary PHP code on the target system with privileges of the web server.
Successful exploitation of this vulnerability will allow a remote attacker to gain complete control over the vulnerable web application and execute arbitrary PHP code on the target system.
Note: this is a zero-day vulnerability and it is being exploited in the wild.
The vulnerability was used to compromise vulnerable websites for 16000 (sometimes - 20000) times per day.
Software: Joomla!
Links:
https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.h...
https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-0-Day-Exploited-In-the-Wild-(CVE-2015-856...
https://www.masergy.com/blog/joomla-remote-code-execution-vulnerability-cve-2015-8562
http://securityaffairs.co/wordpress/43108/cyber-crime/cve-2015-8562-joomla-flaw.html
https://www.liquidweb.com/kb/protecting-joomla-sites-against-cve-2015-8562/
https://security.berkeley.edu/news/joomla-core-150-345-remote-code-execution-cve-2015-8562
http://www.webhostingtalk.com/showthread.php?t=1536679
http://jaitsec.blogspot.com/2015/12/testing-joomla-for-cve-2015-8562.html
http://www.securityweek.com/vulnerable-joomla-servers-see-16000-daily-attacks
http://blogs.quickheal.com/joomla-exploit-cve-2015-8562-still-at-large/
http://news.softpedia.com/news/latest-joomla-vulnerability-targeted-by-attackers-16-600-times-per-da...
Arbitrary file upload
The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system.The weakness was disclosed 08/01/2013 by Jens Hinrichsen.
Software: Joomla!
Links:
https://developer.joomla.org/security/563-20130801-core-unauthorised-uploads.html
http://www.cso.com.au/article/523528/joomla_patches_file_manager_vulnerability_responsible_hijacked_...
http://www.kb.cert.org/vuls/id/639620
http://niiconsulting.com/checkmate/2013/08/critical-joomla-file-upload-vulnerability/
https://blog.sucuri.net/2013/08/joomla-media-manager-attacks-in-the-wild.html
http://holisticinfosec.blogspot.com/2013/10/joomla-vulnerabilities-responsible.htm