Joomla! Developer Network - Security News

[20120201] - Core - Information Disclosure

dextercowley@gmail.com (Mark Dexter) — Thu, 02 Feb 2012 05:25:21 +0000

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.0 and 1.7.0 - 1.7.4
Exploit type: Information Disclosure
Reported Date: 2012-January-29
Fixed Date: 2012-February-02

Description

Inadequate validation leads to information disclosure in administrator.

Affected Installs

Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions

Solution

Upgrade to version 1.7.5 or 2.5.1 or higher

Reported by Jakub Galczyk

Contact

The JSST at the Joomla! Security Center.

[20120202] - Core - Information Disclosure

dextercowley@gmail.com (Mark Dexter) — Thu, 02 Feb 2012 05:25:21 +0000

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.4 and all earlier 1.7.x versions
Exploit type: Information Disclosure
Reported Date: 2012-January-06
Fixed Date: 2012-February-02

Description

On some servers the error log could be read by unauthorised users.

Affected Installs

Joomla! version 1.7.4 and all earlier 1.7.x versions

Solution

Upgrade to version 2.5.1 or 1.7.5 or higher

Reported by Alain Rivest

Contact

The JSST at the Joomla! Security Center.

[20120203] - Core - Information Disclosure

dextercowley@gmail.com (Mark Dexter) — Thu, 02 Feb 2012 05:25:21 +0000

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.0 and 1.7.0 - 1.7.4
Exploit type: Information Disclosure
Reported Date: 2012-January-29
Fixed Date: 2012-February-02

Description

Inadequate validation leads to path disclosure in administrator.

Affected Installs

Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions

Solution

Upgrade to version 2.5.1 or 1.7.5 or higher

Reported by Jakub Galczyk

Contact

The JSST at the Joomla! Security Center.

[20120101] - Core - Information Disclosure

dextercowley@gmail.com (Mark Dexter) — Mon, 23 Jan 2012 09:45:28 +0000

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: Information Disclosure
Reported Date: 2012-January-07
Fixed Date: 2012-January-24

Description

Inadequate filtering leads to information disclosure.

Affected Installs

Joomla! version 1.7.3 and all earlier versions

Solution

Upgrade to version 1.7.4 or 2.5.0 or higher

Reported by Cyrille Barthelemy

Contact

The JSST at the Joomla! Security Center.

[20120102] - Core - XSS Vulnerability

dextercowley@gmail.com (Mark Dexter) — Mon, 23 Jan 2012 09:45:28 +0000

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: XSS Vulnerability
Reported Date: 2011-November-16
Fixed Date: 2012-January-24

Description

Inadequate filtering leads to XSS vulnerability.

Affected Installs

Joomla! version 1.7.3 and all earlier versions

Solution

Upgrade to version 1.7.4 or 2.5.0 or higher

Reported by Ankita Kapadia

Contact

The JSST at the Joomla! Security Center.

[20120103] - Core - Information Disclosure

dextercowley@gmail.com (Mark Dexter) — Mon, 23 Jan 2012 09:45:28 +0000

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: Information Disclosure
Reported Date: 2011-December-19
Fixed Date: 2012-January-24

Description

Inadequate filtering leads to information disclosure.

Affected Installs

Joomla! version 1.7.3 and all earlier versions

Solution

Upgrade to version 1.7.4 or 2.5.0 or higher

Reported by Jean-Marie Simonet

Contact

The JSST at the Joomla! Security Center.

[20120104] - Core - XSS Vulnerability

dextercowley@gmail.com (Mark Dexter) — Mon, 23 Jan 2012 09:45:28 +0000

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.3 and all earlier versions
Exploit type: XSS Vulnerability
Reported Date: 2012-January-22
Fixed Date: 2012-January-24

Description

Inadequate filtering leads to XSS vulnerability.

Affected Installs

Joomla! version 1.7.3 and all earlier 1.7 and 1.6 versions

Solution

Upgrade to version 1.7.4 or 2.5.0 or higher

Reported by David Jardin

Contact

The JSST at the Joomla! Security Center.

[20111102] - Core - Password Change

dextercowley@gmail.com (Mark Dexter) — Tue, 15 Nov 2011 04:33:00 +0000

Project: Joomla!
SubProject: All
Severity: High
Versions: 1.7.2 and all 1.6.x versions
Exploit type: Password Change
Reported Date: 2011-October-28
Fixed Date: 2011-November-14

Description

Weak random number generation during password reset leads to possibility of changing a user's password.

Affected Installs

Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions

Solution

Upgrade to the latest Joomla! version (1.7.3 or later)

Reported by Gregor Kopf and David Jardin

Contact

The JSST at the Joomla! Security Center.

[20111103] - Core - Password Change

dextercowley@gmail.com (Mark Dexter) — Tue, 15 Nov 2011 04:33:00 +0000

Project: Joomla!
SubProject: All
Severity: High
Versions: 1.5.24 and all earlier 1.5 versions
Exploit type: Password Change
Reported Date: 2011-October-28
Fixed Date: 2011-November-14

Description

Weak random number generation during password reset leads to possibility of changing a user's password.

Affected Installs

Joomla! version 1.5.24 and all earlier 1.5 versions

Solution

Upgrade to the latest Joomla! 1.5 version (1.5.25 or later)

Reported by Gregor Kopf and David Jardin

Contact

The JSST at the Joomla! Security Center.

[20111101] - Core - XSS Vulnerability

dextercowley@gmail.com (Mark Dexter) — Tue, 15 Nov 2011 04:33:00 +0000

Project: Joomla!
SubProject: All
Severity: Medium
Versions: 1.7.2 and all 1.6.x versions
Exploit type: XSS
Reported Date: 2011-October-21
Fixed Date: 2011-November-14

Description

Inadequate filtering leads to XSS vulnerability in back end.

Affected Installs

Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions

Solution

Upgrade to the latest Joomla! version (1.7.3 or later)

Reported by Corné Hannema

Contact

The JSST at the Joomla! Security Center.

[20111001] - Core - Information Disclosure

dextercowley@gmail.com (Mark Dexter) — Mon, 17 Oct 2011 20:59:00 +0000

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.1
Exploit type: Information Disclosure
Reported Date: 2011-September-09
Fixed Date: 2011-October-17

Description

Weak encryption causes potential information disclosure.

Affected Installs

Joomla! version 1.7.1 and earlier

Solution

Upgrade to the latest Joomla! version (1.7.2 or later)

Reported by Jeff Channell

Contact

The JSST at the Joomla! Security Center.

[20111002] - Core - Information Disclosure

dextercowley@gmail.com (Mark Dexter) — Mon, 17 Oct 2011 20:59:00 +0000

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.1
Exploit type: Information Disclosure
Reported Date: 2011-August-02
Fixed Date: 2011-October-17

Description

Inadequate error checking causes potential information disclosure.

Affected Installs

Joomla! version 1.7.1 and earlier

Solution

Upgrade to the latest Joomla! version (1.7.2 or later)

Reported by Aung Khant, YGN Ethical Hacker Group

Contact

The JSST at the Joomla! Security Center.

[20111003] - Core - Information Disclosure

dextercowley@gmail.com (Mark Dexter) — Mon, 17 Oct 2011 20:59:00 +0000

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.5.23 and earlier
Exploit type: Information Disclosure
Reported Date: 2011-September-09
Fixed Date: 2011-October-17

Description

Weak encryption causes potential information disclosure.

Affected Installs

Joomla! version 1.5.23 and earlier

Solution

Upgrade to the latest Joomla! version (1.5.24 or later)

Reported by Jeff Channell

Contact

The JSST at the Joomla! Security Center.

[20110903] - Core - Information Disclosure

dextercowley@gmail.com (Mark Dexter) — Mon, 26 Sep 2011 20:59:22 +0000

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.0
Exploit type: Information Disclosure
Reported Date: 2011-September-23
Fixed Date: 2011-September-26

Description

Inadequate error checking causes information disclosure.

Affected Installs

Joomla! version 1.7.0

Solution

Upgrade to the latest Joomla! version (1.7.1 or later)

Reported by National Vulnerability Database

Contact

The JSST at the Joomla! Security Center.

[20110901] - Core - XSS Vulnerability

dextercowley@gmail.com (Mark Dexter) — Fri, 23 Sep 2011 02:33:00 +0000

Project: Joomla!
SubProject: All
Severity: Medium
Versions: 17.0 and all 1.6.x versions
Exploit type: XSS
Reported Date: 2011-August-02
Fixed Date: 2011-September-22

Description

Inadequate escaping leads to XSS vulnerability in com_search.

Affected Installs

Joomla! version 1.7.0 and all 1.6.x versions

Solution

Upgrade to the latest Joomla! version (1.7.1 or later)

Reported by Aung Khant

Contact

The JSST at the Joomla! Security Center.