oss-sec mailing list archives

Joomla! Security News 2012-06-19


From: Henri Salo <henri () nerv fi>
Date: Tue, 19 Jun 2012 15:41:02 +0300

Two issues without CVEs again. Could I get those assigned, thanks.

1. 20120601 - Core - Privilege Escalation
2. 20120602 - Core - Information Disclosure

- Henri Salo
ps. forwarded email from Joomla below

----- Forwarded message from Joomla! Developer Network - Security News <no_reply () joomla org> -----

Subject: Joomla! Security News
From: Joomla! Developer Network - Security News <no_reply () joomla org>
To: henri () nerv fi

Joomla! Developer Network - Security News

///////////////////////////////////////////
[20120601] - Core - Privilege Escalation

Posted: 19 Jun 2012 12:21 AM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/I2o1kbJKIVQ/470-20120601-core-privilege-escalation.html?utm_source=feedburner&utm_medium=email


Project: Joomla!
SubProject: All
Severity: Medium High
Versions: 2.5.4 and all earlier 2.5.x versions
Exploit type: Privilege Escalation
Reported Date: 2012-April-29
Fixed Date: 2012-June-18

Description

Inadequate checking leads to possible user privilege escalation.

Affected Installs

Joomla! versions 2.5.4 and all earlier 2.5.x versions

Solution

Upgrade to version 2.5.5

Reported by Nils Rückmann

Contact

The JSST at the Joomla! Security Center.



///////////////////////////////////////////
[20120602] - Core - Information Disclosure

Posted: 19 Jun 2012 12:21 AM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/K71HzujRDDs/471-20120602-core-information-disclosure.html?utm_source=feedburner&utm_medium=email


Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.4 and all earlier 2.5.x versions
Exploit type: Information Disclosure
Reported Date: 2012-May-1
Fixed Date: 2012-June-18

Description

Inadequate filtering leads to SQL error and information disclosure.

Affected Installs

Joomla! versions 2.5.4 and all earlier 2.5.x versions

Solution

Upgrade to version 2.5.5

Reported by Jakub Galczyk

Contact

The JSST at the Joomla! Security Center.





----- End forwarded message -----

