ImanIP: Joomla! Security News

vineri, 16 iulie 2010

Joomla! Security News

Joomla! Security News

[20100704] - Core - XSS Vulnerabillitis in Back End

[20100703] - Core - XSS Vulnerabillitis in Back End

[20100702] - Core - XSS Vulnerabillitis in Back End

[20100701] - Core - SQL Injection / Internal Path Exposure

[20100704] - Core - XSS Vulnerabillitis in Back End

Posted: 15 Jul 2010 09:04 AM PDT

Project: Joomla!

SubProject: All

Severity: Medium

Versions: 1.5.18 and all previous 1.5 releases

Exploit type: XSS Injection

Reported Date: 2010-June-1

Fixed Date: 2010-July-15

Description

Back-end user can inject Javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.18 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.18 or later)

Reported by oCERT.

Contact

The JSST at the Joomla! Security Center.

[20100703] - Core - XSS Vulnerabillitis in Back End

Posted: 15 Jul 2010 09:04 AM PDT

Project: Joomla!

SubProject: All

Severity: Medium

Versions: 1.5.18 and all previous 1.5 releases

Exploit type: XSS Injection

Reported Date: 2010-June-8

Fixed Date: 2010-July-15

Description

Back-end user can inject Javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.18 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.18 or later)

Reported by José Antonio Vázquez González

Contact

The JSST at the Joomla! Security Center.

[20100702] - Core - XSS Vulnerabillitis in Back End

Posted: 15 Jul 2010 09:04 AM PDT

Project: Joomla!

SubProject: All

Severity: Medium

Versions: 1.5.18 and all previous 1.5 releases

Exploit type: XSS Injection

Reported Date: 2010-June-8

Fixed Date: 2010-July-15

Description

Back-end user can inject Javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.18 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.18 or later)

Reported by José Antonio Vázquez González

Contact

The JSST at the Joomla! Security Center.

[20100701] - Core - SQL Injection / Internal Path Exposure

Posted: 15 Jul 2010 09:04 AM PDT

Project: Joomla!

SubProject: All

Severity: Low

Versions: 1.5.18 and all previous 1.5 releases

Exploit type: Internal Path Exposure

Reported Date: 2010-June-10

Fixed Date: 2010-July-15

Description

Back-end user can create MySQL error which shows internal path information in the error message.

Affected Installs

All 1.5.x installs prior to and including 1.5.18 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.18 or later)

Reported by Andy Gorges

Contact

The JSST at the Joomla! Security Center.

You are subscribed to email updates from Joomla! Developer - Vulnerability News
To stop receiving these emails, you may unsubscribe now.
Email delivery powered by Google

Google Inc., 20 West Kinzie, Chicago IL USA 60610

ImanIP

vineri, 16 iulie 2010

Joomla! Security News

Joomla! Security News

Description

Affected Installs

Solution

Contact

Description

Affected Installs

Solution

Contact

Description

Affected Installs

Solution

Contact

Description

Affected Installs

Solution

Contact

Niciun comentariu:

Trimiteți un comentariu

Arhivă

Statistici