Joomla! Developer - Vulnerability News

[20091103] - Core - Front-End Editor Issue

dextercowley@gmail.com (Mark Dexter) — Tue, 03 Nov 2009 16:31:02 +0000

Project: Joomla!
SubProject: com_content
Severity: Moderate
Versions: 1.5.14 and all previous 1.5 releases
Exploit type: Front-End Editing
Reported Date: 2009-September-05
Fixed Date: 2009-November-03

Description

When logged into the front end with Author access, it was possible to replace an article written by another user.

Affected Installs

All 1.5.x installs prior to and including 1.5.14 are affected.

Solution

Upgrade to latest Joomla! version (1.5.15 or newer).

Reported by Hannes Papenberg

Contact

The JSST at the Joomla! Security Center.

[20091103] - Core - XML File Read Issue

dextercowley@gmail.com (Mark Dexter) — Mon, 02 Nov 2009 01:03:19 +0000

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.5.14 and all previous 1.5 releases
Exploit type: Extension Version Disclosure
Reported Date: 2009-October-13
Fixed Date: 2009-Nov-03

Description

It is possible to read the contents of an extension's XML file and find the version number of the installed extension. This could allow people to exploit a known security flaws for a specific version of an extension.

Affected Installs

All 1.5.x installs prior to and including 1.5.14 are affected.

Solution

Turn on Apache mod_rewrite and configure your .htaccess file to filter out XML files. In the htaccess.txt file shipped with version 1.5.15, lines 35-39 contain example code that will deny access to XML files. You can incorporate this code (or similar code) into your .htaccess file. Be sure to test that it does not cause problems on your site.

Reported by WHK and Gergő Erdősi

Contact

The JSST at the Joomla! Security Center.

[20090722] - Core - Missing JEXEC Check

dextercowley@gmail.com (Mark Dexter) — Wed, 22 Jul 2009 23:36:40 +0000

Project: Joomla!
SubProject: Framework
Severity: Moderate
Versions: 1.5.12 and all previous 1.5 releases
Exploit type: Path Disclosure
Reported Date: 2009-July-21
Fixed Date: 2009-July-22

Description

Some files were missing the check for JEXEC. These scripts will then expose internal path information of the host.

Affected Installs

All 1.5.x installs prior to and including 1.5.12 are affected.

Solution

Upgrade to latest Joomla! version (1.5.13 or newer).

Reported by Juan Galiana Lara (Internet Security Auditors)

Contact

The JSST at the Joomla! Security Center.

[20090723] - Core - com_mailto Timeout Issue

dextercowley@gmail.com (Mark Dexter) — Wed, 22 Jul 2009 23:36:40 +0000

Project: Joomla!
SubProject: com_mailto
Severity: Low
Versions: 1.5.13 and all previous 1.5 releases
Exploit type: Email
Reported Date: 2009-July-28
Fixed Date: 2009-July-30

Description

In com_mailto, it was possible to bypass timeout protection against sending automated emails.

Affected Installs

All 1.5.x installs prior to and including 1.5.13 are affected.

Solution

Upgrade to latest Joomla! version (1.5.14 or newer).

Reported by WHK and Gergő Erdősi

Contact

The JSST at the Joomla! Security Center.

[20090722] - Core - File Upload

dextercowley@gmail.com (Mark Dexter) — Wed, 22 Jul 2009 23:17:38 +0000

Project: Joomla!
SubProject: TinyMCE editor
Severity: Critical
Versions: 1.5.12
Exploit type: Image File upload
Reported Date: 2009-July-22
Fixed Date: 2009-July-22

Description

Tiny browser included with TinyMCE 3.0 editor allowed files to be uploaded and removed without logging in.

Affected Installs

Version 1.5.12 only

Solution

Upgrade to latest Joomla! version (1.5.13 or newer).

Reported by Patrice Lazareff.

Contact

The JSST at the Joomla! Security Center.

[20090606] - Core - Missing JEXEC Check

dextercowley@gmail.com (Mark Dexter) — Wed, 01 Jul 2009 04:46:19 +0000

Project: Joomla!
SubProject: Admin client
Severity: Moderate
Versions: 1.5.11 and all previous 1.5 releases
Exploit type: XSS
Reported Date: 2009-June-22
Fixed Date: 2009-June-30

Description

Some files were missing the check for JEXEC. These scripts will then expose internal path information of the host.

Affected Installs

All 1.5.x installs prior to and including 1.5.11 are affected.

Solution

Upgrade to latest Joomla! version (1.5.12 or newer).

Contact

The JSST at the Joomla! Security Center.

[20090605] - Core - Frontend XSS - PHP_SELF not properly filtered

dextercowley@gmail.com (Mark Dexter) — Wed, 01 Jul 2009 04:46:06 +0000

Project: Joomla!
SubProject: Site client
Severity: Moderate
Versions: 1.5.11 and all previous 1.5 releases
Exploit type: XSS
Reported Date: 2009-June-03
Fixed Date: 2009-June-30

Description

An attacker can inject JavaScript code in a URL that will be executed in the context of targeted user browser.

Affected Installs

All 1.5.x installs prior to and including 1.5.11 are affected.

Solution

Upgrade to latest Joomla! version (1.5.12 or newer).

Reported By Paul Boekholt (Byte Internet)

Contact

The JSST at the Joomla! Security Center.

[20090604] - Core - Frontend XSS - HTTP_REFERER not properly filtered

dextercowley@gmail.com (Mark Dexter) — Wed, 01 Jul 2009 04:45:53 +0000

Project: Joomla!
SubProject: Site client
Severity: Moderate
Versions: 1.5.11 and all previous 1.5 releases
Exploit type: XSS
Reported Date: 2009-June-30
Fixed Date: 2009-June-30

Description

An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing the attacker to steal cookies. HTTP_REFERER variable is not properly parsed.

Affected Installs

All 1.5.x installs prior to and including 1.5.11 are affected.

Solution

Upgrade to latest Joomla! version (1.5.12 or newer).

Reported by Juan Galiana Lara (Internet Security Auditors)

Contact

The JSST at the Joomla! Security Center.

[20090603] - Core - Frontend XSS

ian.maclennan@joomla.org (Ian MacLennan) — Wed, 03 Jun 2009 05:56:53 +0000

Project: Joomla!
SubProject: Site client
Severity: Low
Versions: 1.5.10 and all previous 1.5 releases
Exploit type: XSS
Reported Date: 2009-May-05
Fixed Date: 2009-June-02

Description

Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel.

Affected Installs

All 1.5.x installs prior to and including 1.5.10 are affected.

Solution

Upgrade to latest Joomla! version (1.5.11 or newer).

Contact

The JSST at the Joomla! Security Center.

[20090602] - Core - ja_purity XSS

ian.maclennan@joomla.org (Ian MacLennan) — Wed, 03 Jun 2009 05:56:42 +0000

Project: Joomla!
SubProject: ja_purity
Severity: Moderate
Versions: 1.5.10 and all previous 1.5 releases
Exploit type: XSS
Reported Date: 2009-April-06
Fixed Date: 2009-June-02

Description

A XSS vulnerability exists in the JA_Purity template which ships with Joomla! 1.5.

Affected Installs

All 1.5.x installs prior to and including 1.5.10 are affected.

Solution

Upgrade to latest Joomla! version (1.5.11 or newer).

Reported by Juan Galiana Lara.

Contact

The JSST at the Joomla! Security Center.