oss-sec mailing list archives

Re: Fwd Joomla! Security News 2012-01


From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 25 Jan 2012 17:07:27 -0700

On 01/25/2012 07:17 AM, Henri Salo wrote:
Does someone know if these already have CVE-identifiers? Joomla just released this advisory.

- Henri Salo

----- Forwarded message from Joomla! Developer Network - Security News <no_reply () joomla org> -----

Date: Wed, 25 Jan 2012 13:21:21 +0000
From: Joomla! Developer Network - Security News <no_reply () joomla org>
To: henri () nerv fi
Subject: Joomla! Security News

Joomla! Developer Network - Security News

Are these the correct URLs/descriptions (see below)?

///////////////////////////////////////////
[20120101] - Core - Information Disclosure

Posted: 23 Jan 2012 01:45 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/MYKnZ2QJKYE/382-20120101-core-information-disclosure.html?utm_source=feedburner&utm_medium=email


http://developer.joomla.org/security/news/382-20120101-core-information-disclosure.html

Project: Joomla! SubProject: All Severity: Low Versions: 1.7.3 and all
earlier 1.7 and 1.6 versions Exploit type: Information Disclosure
Reported Date: 2012-January-07 Fixed Date: 2012-January-24 Description
Inadequate filtering leads to information disclosure. Affected Installs
Joomla! version 1.7.3 and all earlier versions Solution Upgrade to
version 1.7.4 or 2.5.0 or higher Reported by Cyrille Barthelemy Contact
The JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: Information Disclosure
Reported Date: 2012-January-07
Fixed Date: 2012-January-24

Description
Inadequate filtering leads to information disclosure.
Affected Installs
Joomla! version 1.7.3 and all earlier versions
Solution
Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by Cyrille Barthelemy
Contact
The JSST at the Joomla! Security Center.



///////////////////////////////////////////
[20120102] - Core - XSS Vulnerability

Posted: 23 Jan 2012 01:45 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/XAEsWEG3dgU/383-20120102-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email


developer.joomla.org/security/news/383-20120102-core-xss-vulnerability.html

Project: Joomla! SubProject: All Severity: Moderate Versions: 1.7.3 and
all earlier 1.7 and 1.6 versions Exploit type: XSS Vulnerability
Reported Date: 2011-November-16 Fixed Date: 2012-January-24 Description
Inadequate filtering leads to XSS vulnerability. Affected Installs
Joomla! version 1.7.3 and all earlier versions Solution Upgrade to
version 1.7.4 or 2.5.0 or higher Reported by Ankita Kapadia Contact The
JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: XSS Vulnerability
Reported Date: 2011-November-16
Fixed Date: 2012-January-24

Description
Inadequate filtering leads to XSS vulnerability.
Affected Installs
Joomla! version 1.7.3 and all earlier versions
Solution
Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by Ankita Kapadia
Contact
The JSST at the Joomla! Security Center.



///////////////////////////////////////////
[20120103] - Core - Information Disclosure

Posted: 23 Jan 2012 01:45 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/Ed0TMAvyQ4g/384-20120103-core-information-disclosure.html?utm_source=feedburner&utm_medium=email

http://developer.joomla.org/security/news/384-20120103-core-information-disclosure.html

Project: Joomla! SubProject: All Severity: Low Versions: 1.7.3 and all
earlier 1.7 and 1.6 versions Exploit type: Information Disclosure
Reported Date: 2011-December-19 Fixed Date: 2012-January-24 Description
Inadequate filtering leads to information disclosure. Affected Installs
Joomla! version 1.7.3 and all earlier versions Solution Upgrade to
version 1.7.4 or 2.5.0 or higher Reported by Jean-Marie Simonet Contact
The JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: Information Disclosure
Reported Date: 2011-December-19
Fixed Date: 2012-January-24

Description
Inadequate filtering leads to information disclosure.
Affected Installs
Joomla! version 1.7.3 and all earlier versions
Solution
Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by Jean-Marie Simonet
Contact
The JSST at the Joomla! Security Center.



///////////////////////////////////////////
[20120104] - Core - XSS Vulnerability

Posted: 23 Jan 2012 01:45 AM PST
c



http://developer.joomla.org/security/news/385-20120104-core-xss-vulnerability.html

Project: Joomla! SubProject: All Severity: Moderate Versions: 1.7.3 and
all earlier versions Exploit type: XSS Vulnerability Reported Date:
2012-January-22 Fixed Date: 2012-January-24 Description Inadequate
filtering leads to XSS vulnerability. Affected Installs Joomla! version
1.7.3 and all earlier 1.7 and 1.6 versions Solution Upgrade to version
1.7.4 or 2.5.0 or higher Reported by David Jardin Contact The JSST at
the Joomla! Security Center.



Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.3 and all earlier versions
Exploit type: XSS Vulnerability
Reported Date: 2012-January-22
Fixed Date: 2012-January-24

Description
Inadequate filtering leads to XSS vulnerability.
Affected Installs
Joomla! version 1.7.3 and all earlier 1.7 and 1.6 versions
Solution
Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by David Jardin
Contact
The JSST at the Joomla! Security Center.

 

-- 

-- Kurt Seifried / Red Hat Security Response Team
kseifried () redhat com

