Archive | Joomla RSS feed for this section

[20110408] – Core – SQL Injection

[20110408] - Core - SQL Injection

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.1 and 1.6.0 Exploit type: SQL Injection Reported Date: 2011-March-12 Fixed Date: 2011-April-14 Description Unescaped values in query leads to SQL injection vulnerability. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by anonymous. Contact The JSST at […]

0 Comments Read more »

[20110402] – Core – Information Disclosure

Project: Joomla! SubProject: All Severity: Low Versions: 1.6.1 and 1.6.0 Exploit type: Information Disclosure Reported Date: 2011-March-28 Fixed Date: 2011-April-14 Description Inadequate error checking causes information disclosure. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by YGN Ethical Hacker Group Contact The JSST at […]

0 Comments Read more »

[20110403] – Core – Information Disclosure

[20110403] - Core - Information Disclosure

Project: Joomla! SubProject: All Severity: Low Versions: 1.6.1 and 1.6.0 Exploit type: Information Disclosure Reported Date: 2011-March-26 Fixed Date: 2011-April-14 Description Inadequate error checking causes information disclosure. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by High-Tech Bridge SA (Switzerland) Contact The JSST at […]

0 Comments Read more »

[20110407] – Core – Unauthorised Access

[20110407] - Core - Unauthorised Access

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.1 and 1.6.0 Exploit type: Unauthorised access Reported Date: 2011-March-17 Fixed Date: 2011-April-14 Description Inadequate permission checking causes potential for unauthorised access. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by Elin Waring Contact The JSST at […]

0 Comments Read more »

[20110404] – Core – XSS Vulnerabilities

Project: Joomla! SubProject: All Severity: Low Versions: 1.6.1 and 1.6.0 Exploit type: XSS Vulnerabilities Reported Date: 2011-April-06 Fixed Date: 2011-April-14 Description Unescaped values in administrative modal windows causes potential XSS vulnerabilities. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by Klas Berlič Contact The […]

0 Comments Read more »

[20110406] – Core – XSS Vulnerabilities

[20110406] - Core - XSS Vulnerabilities

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.1 and 1.6.0 Exploit type: XSS Vulnerabilities Reported Date: 2011-April-05 Fixed Date: 2011-April-14 Description Inadequate filtering causes XSS vulnerabilities. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by Jeff Channell Contact The JSST at the Joomla! Security […]

0 Comments Read more »

[20110405] – Core – XSS Vulnerabilities

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.1 and 1.6.0 Exploit type: XSS Vulnerabilities Reported Date: 2011-March-29 Fixed Date: 2011-April-14 Description Inadequate filtering causes XSS vulnerabilities. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by Jeff Channell Contact The JSST at the Joomla! Security […]

0 Comments Read more »

[20110409] – Core – Clickjacking

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.1 and 1.6.0 Exploit type: Clickjacking Reported Date: 2011-March-30 Fixed Date: 2011-April-14 Description Inadequate protection leads to clickjacking vulnerability. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by Aung Khant, YGN Ethical Hacker Group

0 Comments Read more »

[20110401] – Core – Information Disclosure

[20110401] - Core - Information Disclosure

Project: Joomla! SubProject: All Severity: Low Versions: 1.5.22 and earlier Exploit type: Information Disclosure Reported Date: 2010-December-08 Fixed Date: 2011-April-04 Description Inadequate error checking causes information disclosure. Affected Installs Joomla! version 1.5.22 and all previous 1.5 versions Solution Upgrade to the latest Joomla! version (1.5.23 or later) Reported by Hannes Papenberg Contact The JSST at […]

0 Comments Read more »

[20110308] – Core – CSRF Vulnerability

[20110308] - Core - CSRF Vulnerability

Project: Joomla! SubProject: All Severity: Low Versions: 1.6.0 Exploit type: Cross Site Request Forgery Reported Date: 2011-March-04 Fixed Date: 2011-March-07 Description Inadequate token checking leads to cross-site request forgery vulnerability. Affected Installs Joomla! version 1.6.0. Solution Upgrade to the latest Joomla! version (1.6.1 or later) Reported by Marius van Rijnsoever Contact The JSST at the […]

0 Comments Read more »