oss-sec mailing list archives
Re: Fwd Joomla! Security News 2012-01
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 26 Jan 2012 16:30:36 -0700
Well, no one spoke up, so I'm assuming no CVEs have been issued for these issues yet.
///////////////////////////////////////////
[20120101] - Core - Information Disclosure
Posted: 23 Jan 2012 01:45 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/MYKnZ2QJKYE/382-20120101-core-information-disclosure.html?utm_source=feedburner&utm_medium=email
http://developer.joomla.org/security/news/382-20120101-core-information-disclosure.html

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: Information Disclosure
Reported Date: 2012-January-07
Fixed Date: 2012-January-24

Description
Inadequate filtering leads to information disclosure.

Affected Installs
Joomla! version 1.7.3 and all earlier versions

Solution
Upgrade to version 1.7.4 or 2.5.0 or higher

Reported by Cyrille Barthelemy

Contact
The JSST at the Joomla! Security Center.

Please use CVE-2011-4933 for this issue (382-20120101-core-information-disclosure.html)

///////////////////////////////////////////
[20120102] - Core - XSS Vulnerability
Posted: 23 Jan 2012 01:45 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/XAEsWEG3dgU/383-20120102-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email
developer.joomla.org/security/news/383-20120102-core-xss-vulnerability.html

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: XSS Vulnerability
Reported Date: 2011-November-16
Fixed Date: 2012-January-24

Description
Inadequate filtering leads to XSS vulnerability.

Affected Installs
Joomla! version 1.7.3 and all earlier versions

Solution
Upgrade to version 1.7.4 or 2.5.0 or higher

Reported by Ankita Kapadia

Contact
The JSST at the Joomla! Security Center.

Please use CVE-2011-4934 for this issue (383-20120102-core-xss-vulnerability.html)

///////////////////////////////////////////
[20120103] - Core - Information Disclosure
Posted: 23 Jan 2012 01:45 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/Ed0TMAvyQ4g/384-20120103-core-information-disclosure.html?utm_source=feedburner&utm_medium=email
http://developer.joomla.org/security/news/384-20120103-core-information-disclosure.html

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: Information Disclosure
Reported Date: 2011-December-19
Fixed Date: 2012-January-24

Description
Inadequate filtering leads to information disclosure.

Affected Installs
Joomla! version 1.7.3 and all earlier versions

Solution
Upgrade to version 1.7.4 or 2.5.0 or higher

Reported by Jean-Marie Simonet

Contact
The JSST at the Joomla! Security Center.

Please use CVE-2011-4935 for this issue (384-20120103-core-information-disclosure.html)

///////////////////////////////////////////
[20120104] - Core - XSS Vulnerability
Posted: 23 Jan 2012 01:45 AM PST
http://developer.joomla.org/security/news/385-20120104-core-xss-vulnerability.html

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.3 and all earlier versions
Exploit type: XSS Vulnerability
Reported Date: 2012-January-22
Fixed Date: 2012-January-24

Description
Inadequate filtering leads to XSS vulnerability.

Affected Installs
Joomla! version 1.7.3 and all earlier 1.7 and 1.6 versions

Solution
Upgrade to version 1.7.4 or 2.5.0 or higher

Reported by David Jardin

Contact
The JSST at the Joomla! Security Center.

Please use CVE-2011-4936 for this issue (385-20120104-core-xss-vulnerability.html)

--
Kurt Seifried
Red Hat Security Response Team (SRT)