Zero-day vulnerabilities discovered: 1
Arbitrary file upload
The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system.The weakness was disclosed 08/01/2013 by Jens Hinrichsen.
Software: Joomla!
Links:
https://developer.joomla.org/security/563-20130801-core-unauthorised-uploads.html
http://www.cso.com.au/article/523528/joomla_patches_file_manager_vulnerability_responsible_hijacked_...
http://www.kb.cert.org/vuls/id/639620
http://niiconsulting.com/checkmate/2013/08/critical-joomla-file-upload-vulnerability/
https://blog.sucuri.net/2013/08/joomla-media-manager-attacks-in-the-wild.html
http://holisticinfosec.blogspot.com/2013/10/joomla-vulnerabilities-responsible.htm