Joomla! Developer - Vulnerability News

[20100704] - Core - XSS Vulnerabillitis in Back End

dextercowley@gmail.com (Mark Dexter) — Thu, 15 Jul 2010 16:04:33 +0000

Project: Joomla!
SubProject: All
Severity: Medium
Versions: 1.5.19 and all previous 1.5 releases
Exploit type: XSS Injection
Reported Date: 2010-June-1
Fixed Date: 2010-July-15

Description

Back-end user can inject Javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.19 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.20 or later)

Reported by Mesut Timur.

Contact

The JSST at the Joomla! Security Center.

[20100703] - Core - XSS Vulnerabillitis in Back End

dextercowley@gmail.com (Mark Dexter) — Thu, 15 Jul 2010 16:04:28 +0000

Project: Joomla!
SubProject: All
Severity: Medium
Versions: 1.5.19 and all previous 1.5 releases
Exploit type: XSS Injection
Reported Date: 2010-June-8
Fixed Date: 2010-July-15

Description

Back-end user can inject Javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.19 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.20 or later)

Reported by José Antonio Vázquez González

Contact

The JSST at the Joomla! Security Center.

[20100702] - Core - XSS Vulnerabillitis in Back End

dextercowley@gmail.com (Mark Dexter) — Thu, 15 Jul 2010 16:04:23 +0000

Project: Joomla!
SubProject: All
Severity: Medium
Versions: 1.5.19 and all previous 1.5 releases
Exploit type: XSS Injection
Reported Date: 2010-June-8
Fixed Date: 2010-July-15

Description

Back-end user can inject Javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.19 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.20 or later)

Reported by José Antonio Vázquez González

Contact

The JSST at the Joomla! Security Center.

[20100701] - Core - SQL Injection / Internal Path Exposure

dextercowley@gmail.com (Mark Dexter) — Thu, 15 Jul 2010 16:04:18 +0000

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.5.19 and all previous 1.5 releases
Exploit type: Internal Path Exposure
Reported Date: 2010-June-10
Fixed Date: 2010-July-15

Description

Back-end user can create MySQL error which shows internal path information in the error message.

Affected Installs

All 1.5.x installs prior to and including 1.5.19 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.20 or later)

Reported by Andy Gorges

Contact

The JSST at the Joomla! Security Center.

[20100501] - Core - XSS Vulnerabilities in Back End

dextercowley@gmail.com (Mark Dexter) — Fri, 28 May 2010 00:00:00 +0000

Project: Joomla!
SubProject: All
Severity: High
Versions: 1.5.17 and all previous 1.5 releases
Exploit type: XSS Injection
Reported Date: 2010-May-13
Fixed Date: 2010-May-28

Description

Back-end user can inject javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.17 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.18 or later)

Reported by Riyaz Ahemed

Contact

The JSST at the Joomla! Security Center.

[20100423] - Core - Negative Values for Limit and Offset

dextercowley@gmail.com (Mark Dexter) — Fri, 23 Apr 2010 17:31:43 +0000

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.5.15 and all previous 1.5 releases
Exploit type: information Disclosure
Reported Date: 2010-Feb-21
Fixed Date: 2010-Apr-23

Description

If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system.

Affected Installs

All 1.5.x installs prior to and including 1.5.15 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.16 or later)

Reported by Security List

Contact

The JSST at the Joomla! Security Center.

[20100423] - Core - Installer Migration Script

dextercowley@gmail.com (Mark Dexter) — Fri, 23 Apr 2010 17:27:34 +0000

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.5.15 and all previous 1.5 releases
Exploit type: Code upload
Reported Date: 2009-Dec-30
Fixed Date: 2010-Apr-23

Description

The migration script in the Joomla! installer does not check the file type being uploaded. If the installation application is present, an attacker could use it to upload malicious files to a server.

Affected Installs

All 1.5.x installs prior to and including 1.5.15 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.16 or later)

Reported by Nicola Bettini

Contact

The JSST at the Joomla! Security Center.

[20100423] - Core - Sessation Fixation

dextercowley@gmail.com (Mark Dexter) — Fri, 23 Apr 2010 17:22:05 +0000

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.5.15 and all previous 1.5 releases
Exploit type: Session fixation
Reported Date: 2010-Mar-25
Fixed Date: 2010-Apr-23

Description

Session id doesn't get modified when user logs in. A remote site may be able to forward a visitor to the Joomla! site and set a specific cookie. If the user then logs in, the remote site can use that cookie to authenticate as that user.

Affected Installs

All 1.5.x installs prior to and including 1.5.15 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.16 or later)

Reported by Raúl Siles and Steven Pignataro

Contact

The JSST at the Joomla! Security Center.[20100423] - Core - Password Reset Tokens

[20100423] - Core - Password Reset Tokens

dextercowley@gmail.com (Mark Dexter) — Fri, 23 Apr 2010 00:00:00 +0000

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.5.15 and all previous 1.5 releases
Exploit type: Unauthorised Access
Reported Date: 2010-Jan-07
Fixed Date: 2010-Apr-23

Description

When a user requests a password reset, the reset tokens were stored in plain text in the database. While this is not a vulnerability in itself, it allows user accounts to be compromised if there is an extension on the site with an SQL injection vulnerability.

Affected Installs

All 1.5.x installs prior to and including 1.5.15 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.16 or later)

Reported by Madis Abel

Contact

The JSST at the Joomla! Security Center.

[20091103] - Core - Front-End Editor Issue

dextercowley@gmail.com (Mark Dexter) — Tue, 03 Nov 2009 16:31:02 +0000

Project: Joomla!
SubProject: com_content
Severity: Moderate
Versions: 1.5.14 and all previous 1.5 releases
Exploit type: Front-End Editing
Reported Date: 2009-September-05
Fixed Date: 2009-November-03

Description

When logged into the front end with Author access, it was possible to replace an article written by another user.

Affected Installs

All 1.5.x installs prior to and including 1.5.14 are affected.

Solution

Upgrade to latest Joomla! version (1.5.15 or newer).

Reported by Hannes Papenberg

Contact

The JSST at the Joomla! Security Center.