Joomla! Security News


[20110308] - Core - CSRF Vulnerability

Posted: 04 Mar 2011 02:51 PM PST

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 1.6.0
  • Exploit type: Cross Site Request Forgery
  • Reported Date: 2011-March-04
  • Fixed Date: 2011-March-07

Description

Inadequate token checking leads to a cross-site request forgery vulnerability.

Affected Installs

Joomla! version 1.6.0.

Solution

Upgrade to the latest Joomla! version (1.6.1 or later)

Reported by Marius van Rijnsoever

Contact

The JSST at the Joomla! Security Center.

[20110307] - Core - XSS Vulnerabilities

Posted: 04 Mar 2011 02:45 PM PST

  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 1.6.0
  • Exploit type: XSS
  • Reported Date: 2011-March-02
  • Fixed Date: 2011-March-07

Description

Inadequate filtering causes XSS vulnerabilities.

Affected Installs

Joomla! version 1.6.0.

Solution

Upgrade to the latest Joomla! version (1.6.1 or later)

Reported by security@joomla.org

Contact

The JSST at the Joomla! Security Center.

[20110306] - Core - DOS Vulnerabilities

Posted: 04 Mar 2011 02:40 PM PST

  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 1.6.0
  • Exploit type: Denial of Service
  • Reported Date: 2011-March-01
  • Fixed Date: 2011-March-07

Description

Editor caching can result in disk space denial of service.

Affected Installs

Joomla! version 1.6.0.

Solution

Upgrade to the latest Joomla! version (1.6.1 or later)

Reported by Jeff Channell

Contact

The JSST at the Joomla! Security Center.

[20110305] - Core - CSRF Vulnerability

Posted: 04 Mar 2011 02:35 PM PST

  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 1.6.0
  • Exploit type: CSRF Vulnerability
  • Reported Date: 2011-February-28
  • Fixed Date: 2011-March-07

Description

Inadequate token checking causes a cross-site request forgery vulnerability.

Affected Installs

Joomla! version 1.6.0.

Solution

Upgrade to the latest Joomla! version (1.6.1 or later)

Reported by Marius Van Rijnsoever

Contact

The JSST at the Joomla! Security Center.

[20110304] - Core - Unauthorised Access

Posted: 04 Mar 2011 02:25 PM PST

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 1.6.0
  • Exploit type: Unauthorised Access
  • Reported Date: 2011-February-25
  • Fixed Date: 2011-March-07

Description

Inadequate control of which files can be edited by authenticated users.

Affected Installs

Joomla! version 1.6.0.

Solution

Upgrade to the latest Joomla! version (1.6.1 or later)

Reported by Jeff Channell

Contact

The JSST at the Joomla! Security Center.

[20110303] - Core - Information Disclosure

Posted: 04 Mar 2011 02:20 PM PST

  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 1.6.0
  • Exploit type: Information Disclosure
  • Reported Date: 2011-February-22
  • Fixed Date: 2011-March-07

Description

Inadequate filtering causes information disclosure.

Affected Installs

Joomla! version 1.6.0.

Solution

Upgrade to the latest Joomla! version (1.6.1 or later)

Reported by Jeff Channell

Contact

The JSST at the Joomla! Security Center.

[20110302] - Core - Redirect Vulnerabilities

Posted: 04 Mar 2011 02:16 PM PST

  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 1.6.0
  • Exploit type: Redirect Vulnerabilities
  • Reported Date: 2011-February-22
  • Fixed Date: 2011-March-07

Description

Inadequate checking of redirect URLs.

Affected Installs

Joomla! version 1.6.0.

Solution

Upgrade to the latest Joomla! version (1.6.1 or later)

Reported by Jeff Channell

Contact

The JSST at the Joomla! Security Center.

[20110301] - Core - Information Disclosure

Posted: 04 Mar 2011 02:12 PM PST

  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 1.6.0
  • Exploit type: Information Disclosure
  • Reported Date: 2011-February-22
  • Fixed Date: 2011-March-07

Description

Inadequate access checking leads to information disclosure.

Affected Installs

Joomla! version 1.6.0.

Solution

Upgrade to the latest Joomla! version (1.6.1 or later)

Reported by Jeff Channell

Contact

The JSST at the Joomla! Security Center.

[20110204] - Core - XSS Vulnerabilities

Posted: 22 Feb 2011 08:56 PM PST

  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 1.6.0
  • Exploit type: Information Disclosure
  • Reported Date: 2011-January-17
  • Fixed Date: 2011-March-07

Description

Inadequate filtering causes XSS vulnerabilities.

Affected Installs

Joomla! version 1.6.0.

Solution

Upgrade to the latest Joomla! version (1.6.1 or later)

Reported by Jeff Channell

Contact

The JSST at the Joomla! Security Center.