Joomla! Developer Network - Security News
Joomla! - the dynamic portal engine and content management system

  • [20120304] - Core - Password Change
    • Project: Joomla!
    • SubProject: All
    • Severity: High
    • Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
    • Exploit type: Password Change
    • Reported Date: 2012-March-8
    • Fixed Date: 2012-March-15

    Description

    Insufficient randomness leads to password reset vulnerability.

    Affected Installs

    Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions

    Solution

    Upgrade to version 2.5.3

    Reported by George Argyros and Aggelos Kiayias

    Contact

    The JSST at the Joomla! Security Center.



  • [20120303] - Core - Privilege Escalation
    • Project: Joomla!
    • SubProject: All
    • Severity: High
    • Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
    • Exploit type: Privilege Escalation
    • Reported Date: 2012-March-12
    • Fixed Date: 2012-March-15

    Description

    Programming error allows privilege escalation in some cases.

    Affected Installs

    Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions

    Solution

    Upgrade to version 2.5.3

    Reported by Jeff Channel

    Contact

    The JSST at the Joomla! Security Center.



  • [20120301] - Core - SQL Injection
    • Project: Joomla!
    • SubProject: All
    • Severity: High
    • Versions: 2.5.1, 2.5.0 and 1.7.0 - 1.7.5
    • Exploit type: SQL Injection
    • Reported Date: 2012-February-29
    • Fixed Date: 2012-March-05

    Description

    Inadequate escaping leads to SQL injection vulnerability.

    Affected Installs

    Joomla! versions 2.5.1, 2.5.0, 1.7.4, and all earlier 1.7.x versions

    Solution

    Upgrade to version 2.5.2

    Reported by Ching Shiong Sow, Stratsec

    Contact

    The JSST at the Joomla! Security Center.



  • [20120302] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: All
    • Severity: Moderate
    • Versions: 2.5.1 and 2.5.0
    • Exploit type: XSS Vulnerability
    • Reported Date: 2012-February-29
    • Fixed Date: 2012-March-05

    Description

    Inadequate filtering leads to XSS vulnerability.

    Affected Installs

    Joomla! versions 2.5.1 and 2.5.0

    Solution

    Upgrade to version 2.5.2

    Reported by Phil Purviance

    Contact

    The JSST at the Joomla! Security Center.



  • [20120202] - Core - Information Disclosure
    • Project: Joomla!
    • SubProject: All
    • Severity: Moderate
    • Versions: 1.7.4 and all earlier 1.7.x versions
    • Exploit type: Information Disclosure
    • Reported Date: 2012-January-06
    • Fixed Date: 2012-February-02

    Description

    On some servers the error log could be read by unauthorised users.

    Affected Installs

    Joomla! version 1.7.4 and all earlier 1.7.x versions

    Solution

    Upgrade to version 2.5.1 or 1.7.5 or higher

    Reported by Alain Rivest

    Contact

    The JSST at the Joomla! Security Center.


