[20120202] - Core - Information Disclosure
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 1.7.4 and all earlier 1.7.x versions
- Exploit type: Information Disclosure
- Reported Date: 2012-January-06
- Fixed Date: 2012-February-02
Description
On some servers the error log could be read by unauthorised users.
Affected Installs
Joomla! version 1.7.4 and all earlier 1.7.x versions
Solution
Upgrade to version 2.5.1 or 1.7.5 or higher
Reported by Alain Rivest
Contact
The JSST at the Joomla! Security Center.
-
[20120203] - Core - Information Disclosure
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.0 and 1.7.0 - 1.7.4
- Exploit type: Information Disclosure
- Reported Date: 2012-January-29
- Fixed Date: 2012-February-02
Description
Inadequate validation leads to path disclosure in the administrator.
Affected Installs
Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution
Upgrade to version 2.5.1 or 1.7.5 or higher
Reported by Jakub Galczyk
Contact
The JSST at the Joomla! Security Center.
-
[20120201] - Core - Information Disclosure
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.0 and 1.7.0 - 1.7.4
- Exploit type: Information Disclosure
- Reported Date: 2012-January-29
- Fixed Date: 2012-February-02
Description
Inadequate validation leads to information disclosure in the administrator.
Affected Installs
Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution
Upgrade to version 1.7.5 or 2.5.1 or higher
Reported by Jakub Galczyk
Contact
The JSST at the Joomla! Security Center.
-
[20120103] - Core - Information Disclosure
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
- Exploit type: Information Disclosure
- Reported Date: 2011-December-19
- Fixed Date: 2012-January-24
Description
Inadequate filtering leads to information disclosure.
Affected Installs
Joomla! version 1.7.3 and all earlier versions
Solution
Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by Jean-Marie Simonet
Contact
The JSST at the Joomla! Security Center.
-
[20120101] - Core - Information Disclosure
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
- Exploit type: Information Disclosure
- Reported Date: 2012-January-07
- Fixed Date: 2012-January-24
Description
Inadequate filtering leads to information disclosure.
Affected Installs
Joomla! version 1.7.3 and all earlier versions
Solution
Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by Cyrille Barthelemy
Contact
The JSST at the Joomla! Security Center.
-
[20120102] - Core - XSS Vulnerability
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
- Exploit type: XSS Vulnerability
- Reported Date: 2011-November-16
- Fixed Date: 2012-January-24
Description
Inadequate filtering leads to an XSS vulnerability.
Affected Installs
Joomla! version 1.7.3 and all earlier versions
Solution
Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by Ankita Kapadia
Contact
The JSST at the Joomla! Security Center.
-
[20120104] - Core - XSS Vulnerability
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 1.7.3 and all earlier versions
- Exploit type: XSS Vulnerability
- Reported Date: 2012-January-22
- Fixed Date: 2012-January-24
Description
Inadequate filtering leads to an XSS vulnerability.
Affected Installs
Joomla! version 1.7.3 and all earlier 1.7 and 1.6 versions
Solution
Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by David Jardin
Contact
The JSST at the Joomla! Security Center.
-
[20111101] - Core - XSS Vulnerability
- Project: Joomla!
- SubProject: All
- Severity: Medium
- Versions: 1.7.2 and all 1.6.x versions
- Exploit type: XSS
- Reported Date: 2011-October-21
- Fixed Date: 2011-November-14
Description
Inadequate filtering leads to an XSS vulnerability in the back end.
Affected Installs
Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions
Solution
Upgrade to the latest Joomla! version (1.7.3 or later)
Reported by Corné Hannema
Contact
The JSST at the Joomla! Security Center.
-
[20111103] - Core - Password Change
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 1.5.24 and all earlier 1.5 versions
- Exploit type: Password Change
- Reported Date: 2011-October-28
- Fixed Date: 2011-November-14
Description
Weak random number generation during password reset makes it possible to change a user's password.
Affected Installs
Joomla! version 1.5.24 and all earlier 1.5 versions
Solution
Upgrade to the latest Joomla! 1.5 version (1.5.25 or later)
Reported by Gregor Kopf and David Jardin
Contact
The JSST at the Joomla! Security Center.
-
[20111102] - Core - Password Change
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 1.7.2 and all 1.6.x versions
- Exploit type: Password Change
- Reported Date: 2011-October-28
- Fixed Date: 2011-November-14
Description
Weak random number generation during password reset makes it possible to change a user's password.
Affected Installs
Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions
Solution
Upgrade to the latest Joomla! version (1.7.3 or later)
Reported by Gregor Kopf and David Jardin
Contact
The JSST at the Joomla! Security Center.