Archive for the ‘ Joomla Security ’ Category

[20110603] – Unauthorised Access

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.3 and all earlier 1.6.x versions Exploit type: Unauthorised Access Reported Date: 2011-June-10 Fixed Date: 2011-June-27 Description Inadequate permission checking causes potential for unauthorised access. Affected Installs Joomla! version 1.6.3 and all earlier 1.6.x versions Solution Upgrade to the latest Joomla! version (1.6.4 or later) Reported by Mark Dexter Contact The JSST at the Joomla! Security Center .

See the rest here:
[20110603] – Unauthorised Access

[20110601] – XSS Vulnerabilities

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.3 and all earlier 1.6.x versions Exploit type: XSS Reported Date: 2011-March-24 Fixed Date: 2011-June-27 Description Inadequate filtering leads to XSS vulnerability. Affected Installs Joomla! version 1.6.3 and all earlier 1.6.x versions Solution Upgrade to the latest Joomla! version (1.6.4 or later) Reported by Mesut Timur Contact The JSST at the Joomla! Security Center .

Read the original post:
[20110601] – XSS Vulnerabilities

[20110602] – Information Disclosure

Project: Joomla! SubProject: All Severity: Low Versions: 1.6.3 and all earlier 1.6.x versions Exploit type: Information Disclosure Reported Date: 2011-May-25 Fixed Date: 2011-June-23 Description Inadequate filtering causes possible information disclosure. Affected Installs Joomla! version 1.6.3 and all earlier 1.6.x versions Solution Upgrade to the latest Joomla! version (1.6.4 or later) Reported by Aung Khant Contact The JSST at the Joomla! Security Center .

Read more:
[20110602] – Information Disclosure

[20110604] – XSS Vulnerability

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.3 and all earlier 1.6.x versions Exploit type: XSS Reported Date: 2011-May-25 Fixed Date: 2011-June-27 Description Inadequate filtering leads to XSS vulnerability. Affected Installs Joomla! version 1.6.3 and all earlier 1.6.x versions Solution Upgrade to the latest Joomla! version (1.6.4 or later) Reported by Aung Khant Contact The JSST at the Joomla! Security Center .

View post:
[20110604] – XSS Vulnerability

[20110402] – Core – Information Disclosure

Project: Joomla! SubProject: All Severity: Low Versions: 1.6.1 and 1.6.0 Exploit type: Information Disclosure Reported Date: 2011-March-28 Fixed Date: 2011-April-14 Description Inadequate error checking causes information disclosure. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by YGN Ethical Hacker Group Contact The JSST at the Joomla! Security Center .

Read the original post:
[20110402] – Core – Information Disclosure

[20110403] – Core – Information Disclosure

Project: Joomla! SubProject: All Severity: Low Versions: 1.6.1 and 1.6.0 Exploit type: Information Disclosure Reported Date: 2011-March-26 Fixed Date: 2011-April-14 Description Inadequate error checking causes information disclosure.

View original post here:
[20110403] – Core – Information Disclosure

[20110404] – Core – XSS Vulnerabilities

Project: Joomla! SubProject: All Severity: Low Versions: 1.6.1 and 1.6.0 Exploit type: XSS Vulnerabilities Reported Date: 2011-April-06 Fixed Date: 2011-April-14 Description Unescaped values in administrative modal windows causes potential XSS vulnerabilities. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by Klas Berlič Contact The JSST at the Joomla! Security Center .

See the rest here:
[20110404] – Core – XSS Vulnerabilities

[20110405] – Core – XSS Vulnerabilities

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.1 and 1.6.0 Exploit type: XSS Vulnerabilities Reported Date: 2011-March-29 Fixed Date: 2011-April-14 Description Inadequate filtering causes XSS vulnerabilities. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by Jeff Channell Contact The JSST at the Joomla! Security Center .

See original here:
[20110405] – Core – XSS Vulnerabilities

[20110406] – Core – XSS Vulnerabilities

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.1 and 1.6.0 Exploit type: XSS Vulnerabilities Reported Date: 2011-April-05 Fixed Date: 2011-April-14 Description Inadequate filtering causes XSS vulnerabilities. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by Jeff Channell Contact The JSST at the Joomla! Security Center .

Read the rest here:
[20110406] – Core – XSS Vulnerabilities

[20110407] – Core – Unauthorised Access

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.1 and 1.6.0 Exploit type: Unauthorised access Reported Date: 2011-March-17 Fixed Date: 2011-April-14 Description Inadequate permission checking causes potential for unauthorised access. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by Elin Waring Contact The JSST at the Joomla! Security Center .

Read more from the original source:
[20110407] – Core – Unauthorised Access