|
Joomla! Developer - Vulnerability News
|
-
[20100704] - Core - XSS Vulnerabillitis in Back End
- Project: Joomla!
- SubProject: All
- Severity: Medium
- Versions: 1.5.19 and all previous 1.5 releases
- Exploit type: XSS Injection
- Reported Date: 2010-June-1
- Fixed Date: 2010-July-15
Description
Back-end user can inject Javascript in various administrator screens.
Affected Installs
All 1.5.x installs prior to and including 1.5.19 are affected.
Solution
Upgrade to the latest Joomla! version (1.5.20 or later)
Reported...
-
[20100703] - Core - XSS Vulnerabillitis in Back End
- Project: Joomla!
- SubProject: All
- Severity: Medium
- Versions: 1.5.19 and all previous 1.5 releases
- Exploit type: XSS Injection
- Reported Date: 2010-June-8
- Fixed Date: 2010-July-15
Description
Back-end user can inject Javascript in various administrator screens.
Affected Installs
All 1.5.x installs prior to and including 1.5.19 are affected.
Solution
Upgrade to the latest Joomla! version (1.5.20 or later)
Reported...
-
[20100702] - Core - XSS Vulnerabillitis in Back End
- Project: Joomla!
- SubProject: All
- Severity: Medium
- Versions: 1.5.19 and all previous 1.5 releases
- Exploit type: XSS Injection
- Reported Date: 2010-June-8
- Fixed Date: 2010-July-15
Description
Back-end user can inject Javascript in various administrator screens.
Affected Installs
All 1.5.x installs prior to and including 1.5.19 are affected.
Solution
Upgrade to the latest Joomla! version (1.5.20 or later)
Reported...
-
[20100701] - Core - SQL Injection / Internal Path Exposure
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 1.5.19 and all previous 1.5 releases
- Exploit type: Internal Path Exposure
- Reported Date: 2010-June-10
- Fixed Date: 2010-July-15
Description
Back-end user can create MySQL error which shows internal path information in the error message.
Affected Installs
All 1.5.x installs prior to and including 1.5.19 are affected.
Solution
Upgrade to...
-
[20100501] - Core - XSS Vulnerabilities in Back End
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 1.5.17 and all previous 1.5 releases
- Exploit type: XSS Injection
- Reported Date: 2010-May-13
- Fixed Date: 2010-May-28
Description
Back-end user can inject javascript in various administrator screens.
Affected Installs
All 1.5.x installs prior to and including 1.5.17 are affected.
Solution
Upgrade to the latest Joomla! version (1.5.18 or later)
Reported...
-
[20100423] - Core - Negative Values for Limit and Offset
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 1.5.15 and all previous 1.5 releases
- Exploit type: information Disclosure
- Reported Date: 2010-Feb-21
- Fixed Date: 2010-Apr-23
Description
If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system.
Affected Installs
All 1.5.x installs prior to...
-
[20100423] - Core - Installer Migration Script
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 1.5.15 and all previous 1.5 releases
- Exploit type: Code upload
- Reported Date: 2009-Dec-30
- Fixed Date: 2010-Apr-23
Description
The migration script in the Joomla! installer does not check the file type being uploaded. If the installation application is present, an attacker could use it to...
-
[20100423] - Core - Sessation Fixation
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 1.5.15 and all previous 1.5 releases
- Exploit type: Session fixation
- Reported Date: 2010-Mar-25
- Fixed Date: 2010-Apr-23
Description
Session id doesn't get modified when user logs in. A remote site may be able to forward a visitor to the Joomla! site and set a specific...
|
Support