http://developer.joomla.org/security.html Mon, 20 May 2013 06:06:23 +0000 Joomla! - Open Source Content Management en-gb JoomlaSecurityNewshttp://feedburner.google.com http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/1mL44UqdHpw/80-20130405-core-xss-vulnerability.html http://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html <div class="feed-description"><ul> <li>Project: Joomla!</li> <li>SubProject: All</li> <li>Severity: <span class="label label-warning">Low</span></li> <li>Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.</li> <li>Exploit type: XSS Vulnerability</li> <li>Reported Date: 2013-February-26</li> <li>Fixed Date: 2013-April-24</li> <li>CVE Number: CVE-2013-3059</li> </ul> <h3>Description</h3> <p>Inadequate filtering leads to XSS vulnerability in Voting plugin.</p> <h3>Affected Installs</h3> <p>Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.</p> <h3>Solution</h3> <p>Upgrade to version 2.5.10,  3.1.0 or 3.0.4.</p> <h3>Contact</h3> <p>The JSST at the Joomla! Security Center.</p> <div class="alert alert-info"><strong>Reported By:</strong> Yannick Gaultier and Jeff Channell</div></div><div class="feedflare"> <a href="http://feeds.joomla.org/~ff/JoomlaSecurityNews?a=1mL44UqdHpw:bM7UwNp9_so:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/1mL44UqdHpw" height="1" width="1"/> dextercowley@gmail.com (Mark Dexter) Security Wed, 24 Apr 2013 05:00:00 +0000 http://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/ud3SHslz1_I/81-20130403-core-xss-vulnerability.html http://developer.joomla.org/security/81-20130403-core-xss-vulnerability.html <div class="feed-description"><ul> <li>Project: Joomla!</li> <li>SubProject: All</li> <li>Severity: <span class="label label-warning">Moderate</span></li> <li>Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.</li> <li>Exploit type: XSS Vulnerability</li> <li>Reported Date: 2013-March-9</li> <li>Fixed Date: 2013-April-24</li> <li>CVE Number: CVE-2013-3058</li> </ul> <h3>Description</h3> <p>Inadequate filtering allows possibility of XSS exploit in some circumstances.</p> <h3>Affected Installs</h3> <p>Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.</p> <h3>Solution</h3> <p>Upgrade to version 2.5.10,  3.1.0 or 3.0.4.</p> <h3>Contact</h3> <p>The JSST at the Joomla! Security Center.</p> <div class="alert alert-info"><strong>Reported By:</strong> James Kettle</div></div><div class="feedflare"> <a href="http://feeds.joomla.org/~ff/JoomlaSecurityNews?a=ud3SHslz1_I:CuX_KQ2rlp0:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/ud3SHslz1_I" height="1" width="1"/> dextercowley@gmail.com (Mark Dexter) Security Wed, 24 Apr 2013 05:00:00 +0000 http://developer.joomla.org/security/81-20130403-core-xss-vulnerability.html http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/jeUWmBBItXQ/82-20130402-core-information-disclosure.html http://developer.joomla.org/security/82-20130402-core-information-disclosure.html <div class="feed-description"><ul> <li>Project: Joomla!</li> <li>SubProject: All</li> <li>Severity: <span class="label label-warning">Low</span></li> <li>Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.</li> <li>Exploit type: Information Disclosure</li> <li>Reported Date: 2013-March-29</li> <li>Fixed Date: 2013-April-24</li> <li>CVE Number: CVE-2013-3057</li> </ul> <h3>Description</h3> <p>Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.</p> <h3>Affected Installs</h3> <p>Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.</p> <h3>Solution</h3> <p>Upgrade to version 2.5.10,  3.1.0 or 3.0.4.</p> <h3>Contact</h3> <p>The JSST at the Joomla! Security Center.</p> <div class="alert alert-info"><strong>Reported By:</strong> Francois Gauthier</div></div><div class="feedflare"> <a href="http://feeds.joomla.org/~ff/JoomlaSecurityNews?a=jeUWmBBItXQ:rkYLkROYLZs:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/jeUWmBBItXQ" height="1" width="1"/> dextercowley@gmail.com (Mark Dexter) Security Wed, 24 Apr 2013 05:00:00 +0000 http://developer.joomla.org/security/82-20130402-core-information-disclosure.html http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/FQMFoCUn9T0/83-20130404-core-xss-vulnerability.html http://developer.joomla.org/security/83-20130404-core-xss-vulnerability.html <div class="feed-description"><ul> <li>Project: Joomla!</li> <li>SubProject: All</li> <li>Severity: <span class="label label-warning">Low</span></li> <li>Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.</li> <li>Exploit type: XSS Vulnerability</li> <li>Reported Date: 2013-February-15</li> <li>Fixed Date: 2013-April-24</li> <li>CVE Number: None</li> </ul> <h3>Description</h3> <p>Use of old version of Flash-based file uploader leads to XSS vulnerability.</p> <h3>Affected Installs</h3> <p>Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.</p> <h3>Solution</h3> <p>Upgrade to version 2.5.10,  3.1.0 or 3.0.4.</p> <h3>Contact</h3> <p>The JSST at the Joomla! Security Center.</p> <div class="alert alert-info"><strong>Reported By:</strong> Reginaldo Silva</div></div><div class="feedflare"> <a href="http://feeds.joomla.org/~ff/JoomlaSecurityNews?a=FQMFoCUn9T0:UFVYkKVcZK4:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/FQMFoCUn9T0" height="1" width="1"/> dextercowley@gmail.com (Mark Dexter) Security Wed, 24 Apr 2013 05:00:00 +0000 http://developer.joomla.org/security/83-20130404-core-xss-vulnerability.html http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/FVheH_tIYJw/84-20130401-core-privilege-escalation.html http://developer.joomla.org/security/84-20130401-core-privilege-escalation.html <div class="feed-description"><ul> <li>Project: Joomla!</li> <li>SubProject: All</li> <li>Severity: <span class="label label-warning">Low</span></li> <li>Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.</li> <li>Exploit type: Privilege Escalation</li> <li>Reported Date: 2013-March-29</li> <li>Fixed Date: 2013-April-24</li> <li>CVE Number: CVE-2013-3056</li> </ul> <h3>Description</h3> <p>Inadequate permission checking allows unauthorised user to delete private messages.</p> <h3>Affected Installs</h3> <p>Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.</p> <h3>Solution</h3> <p>Upgrade to version 2.5.10,  3.1.0 or 3.0.4.</p> <h3>Contact</h3> <p>The JSST at the Joomla! Security Center.</p> <div class="alert alert-info"><strong>Reported By:</strong> Francois Gauthier</div></div><div class="feedflare"> <a href="http://feeds.joomla.org/~ff/JoomlaSecurityNews?a=FVheH_tIYJw:wH35RIfE7cI:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/FVheH_tIYJw" height="1" width="1"/> dextercowley@gmail.com (Mark Dexter) Security Wed, 24 Apr 2013 05:00:00 +0000 http://developer.joomla.org/security/84-20130401-core-privilege-escalation.html http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/iWe7Pbbi2fA/85-20130406-core-dos-vulnerability.html http://developer.joomla.org/security/85-20130406-core-dos-vulnerability.html <div class="feed-description"><ul> <li>Project: Joomla!</li> <li>SubProject: All</li> <li>Severity: <span class="label label-warning">Moderate</span></li> <li>Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.</li> <li>Exploit type: Denial of service vulnerability</li> <li>Reported Date: 2013-February-18</li> <li>Fixed Date: 2013-April-24</li> <li>CVE Number: CVE-2013-3242</li> </ul> <h3>Description</h3> <p>Object unserialize method leads to possible denial of service vulnerability.</p> <h3>Affected Installs</h3> <p>Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.</p> <h3>Solution</h3> <p>Upgrade to version 2.5.10,  3.1.0 or 3.0.4.</p> <h3>Contact</h3> <p>The JSST at the Joomla! Security Center.</p> <div class="alert alert-info"><strong>Reported By:</strong> Egidio Romano </div></div><div class="feedflare"> <a href="http://feeds.joomla.org/~ff/JoomlaSecurityNews?a=iWe7Pbbi2fA:3wUYCVj2-aM:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/iWe7Pbbi2fA" height="1" width="1"/> dextercowley@gmail.com (Mark Dexter) Security Wed, 24 Apr 2013 05:00:00 +0000 http://developer.joomla.org/security/85-20130406-core-dos-vulnerability.html http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/VKeZ35SBpTo/86-20130407-core-xss-vulnerability.html http://developer.joomla.org/security/86-20130407-core-xss-vulnerability.html <div class="feed-description"><ul> <li>Project: Joomla!</li> <li>SubProject: All</li> <li>Severity: <span class="label label-warning">Low</span></li> <li>Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.</li> <li>Exploit type: XSS Vulnerability</li> <li>Reported Date: 2013-April-17</li> <li>Fixed Date: 2013-April-24</li> <li>CVE Number: CVE-2013-3267</li> </ul> <h3>Description</h3> <p>Inadequate filtering leads to XSS vulnerability in highlighter plugin.</p> <h3>Affected Installs</h3> <p>Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.</p> <h3>Solution</h3> <p>Upgrade to version 2.5.10,  3.1.0 or 3.0.4.</p> <h3>Contact</h3> <p>The JSST at the Joomla! Security Center.</p> <div class="alert alert-info"><strong>Reported By:</strong> Vertical Pigeon</div></div><div class="feedflare"> <a href="http://feeds.joomla.org/~ff/JoomlaSecurityNews?a=VKeZ35SBpTo:5qlIwfJ_2tw:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/VKeZ35SBpTo" height="1" width="1"/> dextercowley@gmail.com (Mark Dexter) Security Wed, 24 Apr 2013 05:00:00 +0000 http://developer.joomla.org/security/86-20130407-core-xss-vulnerability.html http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/5zsiWRsFsQY/77-20130202-core-information-disclosure.html http://developer.joomla.org/security/77-20130202-core-information-disclosure.html <div class="feed-description"><ul> <li>Project: Joomla!</li> <li>SubProject: All</li> <li>Severity: <span class="label label-warning">Low</span></li> <li>Versions: 3.0.2 and earlier 3.0.x versions.</li> <li>Exploit type: Information disclosure</li> <li>Reported Date: 2013-January-16</li> <li>Fixed Date: 2013-February-4</li> <li>CVE Number: CVE-2013-1455</li> </ul> <h3>Description</h3> <p> Undefined variable caused information disclosure in some situations. </p> <h3>Affected Installs</h3> <p>Joomla! version 3.0.2 and earlier 3.0.x versions.</p> <h3>Solution</h3> <p>Upgrade to version 3.0.3.</p> <h3>Contact</h3> <p>The JSST at the Joomla! Security Center.</p> <div class="alert alert-info"> <strong>Reported By:</strong> Mark Dexter </div></div><div class="feedflare"> <a href="http://feeds.joomla.org/~ff/JoomlaSecurityNews?a=5zsiWRsFsQY:8z0f5wXfJLk:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/5zsiWRsFsQY" height="1" width="1"/> david.hurley@joomla.org (David Hurley) Security Thu, 04 Apr 2013 22:44:09 +0000 http://developer.joomla.org/security/77-20130202-core-information-disclosure.html