Admin

Admin

[20120203] - Core - Information Disclosure

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 2.5.0 and 1.7.0 - 1.7.4
  • Exploit type: Information Disclosure
  • Reported Date: 2012-January-29
  • Fixed Date: 2012-February-02

Description

Inadequate validation leads to path disclosure in administrator.

Affected Installs

Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions

Solution

Upgrade to version 2.5.1 or 1.7.5 or higher

Reported by Jakub Galczyk

Contact

The JSST at the Joomla! Security Center.

[20120202] - Core - Information Disclosure

  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 1.7.4 and all earlier 1.7.x versions
  • Exploit type: Information Disclosure
  • Reported Date: 2012-January-06
  • Fixed Date: 2012-February-02

Description

On some servers the error log could be read by unauthorised users.

Affected Installs

Joomla! version 1.7.4 and all earlier 1.7.x versions

Solution

Upgrade to version 2.5.1 or 1.7.5 or higher

Reported by Alain Rivest

Contact

The JSST at the Joomla! Security Center.

[20120201] - Core - Information Disclosure

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 2.5.0 and 1.7.0 - 1.7.4
  • Exploit type: Information Disclosure
  • Reported Date: 2012-January-29
  • Fixed Date: 2012-February-02

Description

Inadequate validation leads to information disclosure in administrator.

Affected Installs

Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions

Solution

Upgrade to version 1.7.5 or 2.5.1 or higher

Reported by Jakub Galczyk

Contact

The JSST at the Joomla! Security Center.

Domingo, 13 Mayo 2012 11:41

[20120302] - Core - XSS Vulnerability

[20120302] - Core - XSS Vulnerability

  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 2.5.1 and 2.5.0
  • Exploit type: XSS Vulnerability
  • Reported Date: 2012-February-29
  • Fixed Date: 2012-March-05

Description

Inadequate filtering leads to XSS vulnerability.

Affected Installs

Joomla! version 2.5.1 and 2.5.0.

Solution

Upgrade to version 2.5.2

Reported by Phil Purviance

Contact

The JSST at the Joomla! Security Center.

Domingo, 13 Mayo 2012 11:41

[20120301] - Core - SQL Injection

[20120301] - Core - SQL Injection

  • Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 2.5.1, 2.5.0 and 1.7.0 - 1.7.5
  • Exploit type: SQL Injection
  • Reported Date: 2012-February-29
  • Fixed Date: 2012-March-05

Description

Inadequate escaping leads to SQL injection vulnerability.

Affected Installs

Joomla! version 2.5.1, 2.5.0, 1.7.4, and all earlier 1.7.x versions

Solution

Upgrade to version 2.5.2

Reported by Ching Shiong Sow, Stratsec

Contact

The JSST at the Joomla! Security Center.

Domingo, 13 Mayo 2012 11:41

[20120303] - Core - Privilege Escalation

[20120303] - Core - Privilege Escalation

  • Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
  • Exploit type: Privilege Escalation
  • Reported Date: 2012-March-12
  • Fixed Date: 2012-March-15

Description

Programming error allows privilege escalation in some cases.

Affected Installs

Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions

Solution

Upgrade to version 2.5.3

Reported by Jeff Channel

Contact

The JSST at the Joomla! Security Center.

Domingo, 13 Mayo 2012 11:41

[20120304] - Core - Password Change

[20120304] - Core - Password Change

  • Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
  • Exploit type: Password Change
  • Reported Date: 2012-March-8
  • Fixed Date: 2012-March-15

Description

Insufficient randomness leads to password reset vulnerability.

Affected Installs

Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions

Solution

Upgrade to version 2.5.3

Reported by George Argyros and Aggelos Kiayias

Contact

The JSST at the Joomla! Security Center.

[20120306] - Core - Information Disclosure

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 1.5.25 and all earlier 1.5.x versions
  • Exploit type: Information Disclosure
  • Reported Date: 2012-January-7
  • Fixed Date: 2012-March-27

Description

Inadequate permission checking allows unauthorised viewing of administrative back end information.

Affected Installs

Joomla! versions 1.5.25 and all earlier 1.5.x versions

Solution

Upgrade to version 1.5.26

Reported by Cyrille Barthelemy

Contact

The JSST at the Joomla! Security Center.

Domingo, 13 Mayo 2012 11:41

[20120305] - Core - Password Change

[20120305] - Core - Password Change

  • Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 1.5.25 and all earlier 1.5.x versions
  • Exploit type: Password Change
  • Reported Date: 2012-March-8
  • Fixed Date: 2012-March-27

Description

Insufficient randomness leads to password reset vulnerability.

Affected Installs

Joomla! versions 1.5.25 and all earlier 1.5.x versions

Solution

Upgrade to version 1.5.26

Reported by George Argyros and Aggelos Kiayias

Contact

The JSST at the Joomla! Security Center.

Domingo, 13 Mayo 2012 11:41

[20120308] - Core - XSS Vulnerability

[20120308] - Core - XSS Vulnerability

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 2.5.3 and all earlier 2.5.x versions
  • Exploit type: XSS Vulnerability
  • Reported Date: 2012-February-3
  • Fixed Date: 2012-April-2

Description

Inadequate filtering in update manager leads to XSS vulnerability.

Affected Installs

Joomla! versions 2.5.3 and all earlier 2.5.x versions

Solution

Upgrade to version 2.5.4

Reported by Alex Andreae

Contact

The JSST at the Joomla! Security Center.