oss-sec mailing list archives
Re: CVE request: joomla <= 1.5.15 code upload, information leak, session fixation, unauthorized access (was Fwd: Joomla! Security News)
From: Josh Bressers <bressers () redhat com>
Date: Mon, 26 Apr 2010 15:56:17 -0400 (EDT)
Here you go: CVE-2010-1432 Joomla! information Disclosure CVE-2010-1433 Joomla! Code upload CVE-2010-1434 Joomla! Session fixation CVE-2010-1435 Joomla! Unauthorised Access Thanks. -- JB ----- "Hanno Böck" <hanno () hboeck de> wrote:
---------- forwarded message ---------- Subject: Joomla! Security News Date: Samstag 24 April 2010 From: "Joomla! Developer - Vulnerability News" <no_reply () joomla org> Joomla! Developer - Vulnerability News /////////////////////////////////////////// [20100423] - Core - Negative Values for Limit and Offset Posted: 23 Apr 2010 10:31 AM PDT http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/K3rjMh4AvSE/311-20100423- core-negative-values-for-limit-and- offset.html?utm_source=feedburner&utm_medium=email Project: Joomla! SubProject: All Severity: Moderate Versions: 1.5.15 and all previous 1.5 releases Exploit type: information Disclosure Reported Date: 2010-Feb-21 Fixed Date: 2010-Apr-23 Description If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system. Affected Installs All 1.5.x installs prior to and including 1.5.15 are affected. Solution Upgrade to the latest Joomla! version (1.5.16 or later) Reported by Security List Contact The JSST at the Joomla! Security Center. /////////////////////////////////////////// [20100423] - Core - Installer Migration Script Posted: 23 Apr 2010 10:27 AM PDT http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/QLis4AG_-cs/310-20100423- core-installer-migration-script.html?utm_source=feedburner&utm_medium=email Project: Joomla! SubProject: All Severity: Low Versions: 1.5.15 and all previous 1.5 releases Exploit type: Code upload Reported Date: 2009-Dec-30 Fixed Date: 2010-Apr-23 Description The migration script in the Joomla! installer does not check the file type being uploaded. If the installation application is present, an attacker could use it to upload malicious files to a server. Affected Installs All 1.5.x installs prior to and including 1.5.15 are affected. Solution Upgrade to the latest Joomla! version (1.5.16 or later) Reported by Nicola Bettini Contact The JSST at the Joomla! Security Center. /////////////////////////////////////////// [20100423] - Core - Sessation Fixation Posted: 23 Apr 2010 10:22 AM PDT http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/KWB_pRZpcP4/309-20100423- core-sessation-fixation.html?utm_source=feedburner&utm_medium=email Project: Joomla! SubProject: All Severity: Moderate Versions: 1.5.15 and all previous 1.5 releases Exploit type: Session fixation Reported Date: 2010-Mar-25 Fixed Date: 2010-Apr-23 Description Session id doesn't get modified when user logs in. A remote site may be able to forward a visitor to the Joomla! site and set a specific cookie. If the user then logs in, the remote site can use that cookie to authenticate as that user. Affected Installs All 1.5.x installs prior to and including 1.5.15 are affected. Solution Upgrade to the latest Joomla! version (1.5.16 or later) Reported by Raúl Siles and Steven Pignataro Contact The JSST at the Joomla! Security Center.[20100423] - Core - Password Reset Tokens /////////////////////////////////////////// [20100423] - Core - Password Reset Tokens Posted: 22 Apr 2010 05:00 PM PDT http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/UdLK-p0f7tQ/308-20100423- core-password-reset-tokens.html?utm_source=feedburner&utm_medium=email Project: Joomla! SubProject: All Severity: Low Versions: 1.5.15 and all previous 1.5 releases Exploit type: Unauthorised Access Reported Date: 2010-Jan-07 Fixed Date: 2010-Apr-23 Description When a user requests a password reset, the reset tokens were stored in plain text in the database. While this is not a vulnerability in itself, it allows user accounts to be compromised if there is an extension on the site with an SQL injection vulnerability. Affected Installs All 1.5.x installs prior to and including 1.5.15 are affected. Solution Upgrade to the latest Joomla! version (1.5.16 or later) Reported by Madis Abel Contact The JSST at the Joomla! Security Center. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de http://schokokeks.org - professional webhosting
Current thread:
- CVE request: joomla <= 1.5.15 code upload, information leak, session fixation, unauthorized access (was Fwd: Joomla! Security News) Hanno Böck (Apr 26)
- Re: CVE request: joomla <= 1.5.15 code upload, information leak, session fixation, unauthorized access (was Fwd: Joomla! Security News) Josh Bressers (Apr 26)