Uncategorised

[20120602] - Core - Information Disclosure
Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.4 and all earlier 2.5.x versions
Exploit type: Information Disclosure
Reported Date: 2012-May-1
Fixed Date: 2012-June-18
Description: Inadequate filtering leads to an SQL error and information disclosure.
Affected Installs: Joomla! versions 2.5.4 and all earlier 2.5.x versions
Solution: Upgrade to version 2.5.5
Reported by: Jakub Galczyk
Contact: The JSST at the Joomla! Security Center.

[20120601] - Core - Privilege Escalation
Project: Joomla!
SubProject: All
Severity: Medium High
Versions: 2.5.4 and all earlier 2.5.x versions
Exploit type: Privilege Escalation
Reported Date: 2012-April-29
Fixed Date: 2012-June-18
Description: Inadequate checking leads to possible user privilege escalation.
Affected Installs: Joomla! versions 2.5.4 and all earlier 2.5.x versions
Solution: Upgrade to version 2.5.5
Reported by: Nils Rückmann
Contact: The JSST at the Joomla! Security Center.

Dear Joomlashack Friends,

It gives us great pleasure to welcome Brian Teeman to The Shack. As many of you may already know, since co-founding Joomla! and Open Source Matters in 2005, Brian has committed his every waking minute to sharing his love for Joomla and teaching people how to use Joomla the world over. Just this year, he visited over 13 different countries where he taught how to use Joomla and participated as a keynote speaker at Joomla Day events.

Starting in January, Brian will take over the job of Director of the School of Joomla! at Joomlashack University from our good friend Forest Linden. Forest will forever be one of the co-founders of our wonderful University and for that we will be eternally thankful. Forest left big shoes to fill as he worked tirelessly during these last two years to create a comprehensive collection of lessons, classes, and video tutorials all in an unparalleled level of quality and ease of use. There are not many people who could fill the void Forest has left behind, but we are confident Brian is more than up to the challenge.

Joomlashack was founded on September 2nd 2005, the day after the…

[20120104] - Core - XSS Vulnerability
Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.3 and all earlier versions
Exploit type: XSS Vulnerability
Reported Date: 2012-January-22
Fixed Date: 2012-January-24
Description: Inadequate filtering leads to XSS vulnerability.
Affected Installs: Joomla! version 1.7.3 and all earlier 1.7 and 1.6 versions
Solution: Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by: David Jardin
Contact: The JSST at the Joomla! Security Center.

[20120103] - Core - Information Disclosure
Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: Information Disclosure
Reported Date: 2011-December-19
Fixed Date: 2012-January-24
Description: Inadequate filtering leads to information disclosure.
Affected Installs: Joomla! version 1.7.3 and all earlier versions
Solution: Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by: Jean-Marie Simonet
Contact: The JSST at the Joomla! Security Center.

[20120102] - Core - XSS Vulnerability
Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: XSS Vulnerability
Reported Date: 2011-November-16
Fixed Date: 2012-January-24
Description: Inadequate filtering leads to XSS vulnerability.
Affected Installs: Joomla! version 1.7.3 and all earlier versions
Solution: Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by: Ankita Kapadia
Contact: The JSST at the Joomla! Security Center.

[20120101] - Core - Information Disclosure
Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: Information Disclosure
Reported Date: 2012-January-07
Fixed Date: 2012-January-24
Description: Inadequate filtering leads to information disclosure.
Affected Installs: Joomla! version 1.7.3 and all earlier versions
Solution: Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by: Erwan Peton - Intrinsec
Contact: The JSST at the Joomla! Security Center.

[20120203] - Core - Information Disclosure
Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.0 and 1.7.0 - 1.7.4
Exploit type: Information Disclosure
Reported Date: 2012-January-29
Fixed Date: 2012-February-02
Description: Inadequate validation leads to path disclosure in administrator.
Affected Installs: Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution: Upgrade to version 2.5.1 or 1.7.5 or higher
Reported by: Jakub Galczyk
Contact: The JSST at the Joomla! Security Center.

[20120202] - Core - Information Disclosure
Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.4 and all earlier 1.7.x versions
Exploit type: Information Disclosure
Reported Date: 2012-January-06
Fixed Date: 2012-February-02
Description: On some servers the error log could be read by unauthorised users.
Affected Installs: Joomla! version 1.7.4 and all earlier 1.7.x versions
Solution: Upgrade to version 2.5.1 or 1.7.5 or higher
Reported by: Alain Rivest
Contact: The JSST at the Joomla! Security Center.

[20120201] - Core - Information Disclosure
Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.0 and 1.7.0 - 1.7.4
Exploit type: Information Disclosure
Reported Date: 2012-January-29
Fixed Date: 2012-February-02
Description: Inadequate validation leads to information disclosure in administrator.
Affected Installs: Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution: Upgrade to version 1.7.5 or 2.5.1 or higher
Reported by: Jakub Galczyk
Contact: The JSST at the Joomla! Security Center.