Author: Cyberthreat Blog

IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.

In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.