Wed 03 Jun 2009 |
|
Wednesday, 03 June 2009 05:56 |
|
| |
- Project: Joomla!
- SubProject: com_users
- Severity: Moderate
- Versions: 1.5.10 and all previous 1.5 releases
- Exploit type: XSS
- Reported Date: 2009-April-30
- Fixed Date: 2009-June-02
Description
A XSS vulnerability exists in the user view of com_users in the administrator panel.
Affected Installs
All 1.5.x installs prior to and including 1.5.10 are affected.
Solution
Upgrade to latest Joomla! version (1.5.11 or newer).
Reported by Airton Torres.
Contact
The JSST at the Joomla! Security Center. |
|
Last Updated on Wednesday, 03 June 2009 05:56 |
Wed 25 Mar 2009 |
|
Wednesday, 25 March 2009 17:08 |
|
| |
- Project: Joomla!
- SubProject: com_content
- Severity: Low
- Versions: 1.5.9 and all previous 1.5 releases
- Exploit type: XSS
- Reported Date: 2009-March-12
- Fixed Date: 2009-March-27
Description A XSS vulnerability exists in the category view of com_content. Affected Installs All 1.5.x installs prior to and including 1.5.9 are affected. Solution Upgrade to latest Joomla! version (1.5.10 or newer). Contact The JSST at the Joomla! Security Center. |
Wed 25 Mar 2009 |
|
Wednesday, 25 March 2009 17:02 |
|
| |
- Project: Joomla!
- SubProject: Multiple
- Severity: Moderate
- Versions: 1.5.9 and all previous 1.5 releases
- Exploit type: XSS and CSRV
- Reported Date: 2009-February-15
- Fixed Date: 2009-March-27
Description A series of XSS and CSRF faults exist in the administrator application. Affected administrator components include com_admin, com_media, com_search. Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities. Affected Installs All 1.5.x installs prior to and including 1.5.9 are affected. The com_search XSS vulnerability requires that "Gather Search Statistics" be enabled to be exploitable (Disabled by default). Solution Upgrade to latest Joomla! version (1.5.10 or newer). Contact The JSST at the Joomla! Security Center. |
|
Last Updated on Wednesday, 25 March 2009 18:04 |
Fri 09 Jan 2009 |
|
Friday, 09 January 2009 16:22 |
|
| |
- Project: Joomla!
- SubProject: plg_xstandard
- Severity: High
- Versions: 1.5.8 and all previous 1.5 releases
- Exploit type: Directory Traversal
- Reported Date: 2009-January-7
- Fixed Date: 2009-January-9
Description
A crafted request can cause disclosure of the directory structure on the server (including any directory that php has access to).
Affected Installs
All 1.5.x installs prior to and including 1.5.8 are affected.
Solution
Upgrade to latest Joomla! version (1.5.9 or newer).
Contact
The JSST at the Joomla! Security Center. |
|
Last Updated on Saturday, 10 January 2009 05:51 |
Fri 09 Jan 2009 |
|
Friday, 09 January 2009 16:12 |
|
| |
- Project: Joomla!
- SubProject: framework
- Severity: Low
- Versions: 1.5.8 and all previous 1.5 releases
- Exploit type: Session Hijacking/
- Reported Date: 2008-November-20
- Fixed Date: 2009-January-9
Description When running a site under SSL ONLY (the entire site is forced to be under ssl), Joomla! does not set the SSL flag on the cookie. This can allow someone monitoring the network to find the cookie related to the session. Please note that all data is still transferred securely. Affected Installs 1.5.8 and lower installs which are run with SSL only (no non-ssl access). Solution Upgrade to latest Joomla! version (1.5.9 or newer), and set force_ssl in global configuration. Alternatively, the php setting session.secure_cookie can be set in .htaccess or php.ini. Joomla! (all versions) will respect this setting. Reported By Hanno Boeck Contact The JSST at the Joomla! Security Center. |
|
Last Updated on Saturday, 10 January 2009 15:09 |
Mon 10 Nov 2008 |
|
Monday, 10 November 2008 23:56 |
|
| |
- Project: Joomla!
- SubProject: com_weblinks
- Severity:moderate
- Versions: 1.5.7 and all previous 1.5 releases
- Exploit type: XSS
- Reported Date: 2008-November-9
- Fixed Date: 2008-November-10
Description com_weblinks allows raw HTML into the title and description tags for weblink submissions (from both the administrator and site submission forms). Affected Installs All 1.5.x installs prior to and including 1.5.7 are affected. Solution Upgrade to latest Joomla! version (1.5.8 or newer). Reported By Gergo Erdosi Contact The JSST at the Joomla! Security Center. |
Mon 10 Nov 2008 |
|
Monday, 10 November 2008 23:51 |
|
| |
- Project: Joomla!
- SubProject: com_content
- Severity:moderate
- Versions: 1.5.7 and all previous 1.5 releases
- Exploit type: XSS
- Reported Date: 2008-October-03
- Fixed Date: 2008-November-10
Description The defaults on com_content article submission allow entry of dangerous HTML tags (script, etc). This only affects users with access level Author or higher, and only if you have not set filtering options in com_content configuration. Affected Installs All 1.5.x installs prior to and including 1.5.7 are affected. Solution Upgrade to latest Joomla! version (1.5.8 or newer). Reported By Johan Janssens Contact The JSST at the Joomla! Security Center. |
Tue 09 Sep 2008 |
|
Tuesday, 09 September 2008 16:09 |
|
| |
- Project: Joomla!
- SubProject:libraries
- Severity:High
- Versions: 1.5.6 and all previous 1.5 releases
- Exploit type:Brute Force
- Reported Date: 2008-August-23
- Fixed Date: 2008-September-9
|
|
Last Updated on Thursday, 16 October 2008 13:31 |
|
Read more...
|
Tue 09 Sep 2008 |
|
Tuesday, 09 September 2008 16:09 |
|
| |
- Project: Joomla!
- SubProject: com_mailto
- Severity: Low
- Versions: 1.5.6 and all previous 1.5 releases
- Exploit type: Email Spam
- Reported Date: 2008-August-29
- Fixed Date: 2008-September-9
|
|
Last Updated on Tuesday, 09 September 2008 16:24 |
|
Read more...
|
Tue 09 Sep 2008 |
|
Tuesday, 09 September 2008 16:09 |
|
| |
- Project: Joomla!
- SubProject: Multiple
- Severity: Low
- Versions: 1.5.6 and all previous 1.5 releases
- Exploit type: Redirect Spam
- Reported Date: 2008-August-26
- Fixed Date: 2008-September-9
|
|
Last Updated on Tuesday, 09 September 2008 16:41 |
|
Read more...
|
|
|
<< Start < Prev 1 2 3 Next > End >>
|
|
Page 2 of 3 |
