Cartika Company and Application News Feed for Cartika news and application updates. http://cartikaforum.com Fri, 16 Mar 2012 16:00:11 +0000 10 Joomla Security Bulletin - March 16, 2012 http://cartikaforum.com/topic/2542-joomla-security-bulletin-march-16-2012/ [20120304] - Core - Password Change
Posted: 16 Mar 2012 12:21 AM PDT
  • Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
  • Exploit type: Password Change
  • Reported Date: 2012-March-8
  • Fixed Date: 2012-March-15
Description
Insufficient randomness leads to password reset vulnerability.

Affected Installs
Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions

Solution
Upgrade to version 2.5.3
Reported by George Argyros and Aggelos Kiayias

Contact
The JSST at the Joomla! Security Center.



[20120303] - Core - Privilege Escalation
Posted: 15 Mar 2012 05:00 AM PDT
  • Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
  • Exploit type: Privilege Escalation
  • Reported Date: 2012-March-12
  • Fixed Date: 2012-March-15
Description
Programming error allows privilege escalation in some cases.

Affected Installs
Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions

Solution
Upgrade to version 2.5.3
Reported by Jeff Channel

Contact
The JSST at the Joomla! Security Center.]]> Fri, 16 Mar 2012 16:00:11 +0000 http://cartikaforum.com/topic/2542-joomla-security-bulletin-march-16-2012/ Joomla Security Bulletin - February 1, 2012 http://cartikaforum.com/topic/2475-joomla-security-bulletin-february-1-2012/ Joomla! Security News
  • [20120201] - Core - Information Disclosure
  • [20120202] - Core - Information Disclosure
  • [20120203] - Core - Information Disclosure
[20120201] - Core - Information Disclosure
Posted: 01 Feb 2012 09:25 PM PST

2]Project: Joomla!

2]SubProject: All

2]Severity: Low

2]Versions: 2.5.0 and 1.7.0 - 1.7.4

2]Exploit type: Information Disclosure

2]Reported Date: 2012-January-29

2]Fixed Date: 2012-February-02

Description

Inadequate validation leads to information disclosure in administrator.
Affected Installs

Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution

Upgrade to version 1.7.5 or 2.5.1 or higher
Reported by Jakub Galczyk
Contact

The JSST at the Joomla! Security Center.
[20120202] - Core - Information Disclosure
Posted: 01 Feb 2012 09:25 PM PST

2]Project: Joomla!

2]SubProject: All

2]Severity: Moderate

2]Versions: 1.7.4 and all earlier 1.7.x versions

2]Exploit type: Information Disclosure

2]Reported Date: 2012-January-06

2]Fixed Date: 2012-February-02

Description

On some servers the error log could be read by unauthorised users.
Affected Installs

Joomla! version 1.7.4 and all earlier 1.7.x versions
Solution

Upgrade to version 2.5.1 or 1.7.5 or higher
Reported by Alain Rivest
Contact

The JSST at the Joomla! Security Center.
[20120203] - Core - Information Disclosure
Posted: 01 Feb 2012 09:25 PM PST

2]Project: Joomla!

2]SubProject: All

2]Severity: Low

2]Versions: 2.5.0 and 1.7.0 - 1.7.4

2]Exploit type: Information Disclosure

2]Reported Date: 2012-January-29

2]Fixed Date: 2012-February-02

Description

Inadequate validation leads to path disclosure in administrator.
Affected Installs

Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution

Upgrade to version 2.5.1 or 1.7.5 or higher
Reported by Jakub Galczyk
Contact

The JSST at the Joomla! Security Center.

]]> Fri, 03 Feb 2012 16:56:43 +0000 http://cartikaforum.com/topic/2475-joomla-security-bulletin-february-1-2012/ Joomla Security Bulletin - January 25, 2012 http://cartikaforum.com/topic/2449-joomla-security-bulletin-january-25-2012/
  • [20120101] - Core - Information Disclosure
  • [20120102] - Core - XSS Vulnerability
  • [20120103] - Core - Information Disclosure
  • [20120104] - Core - XSS Vulnerability
    • [20120101] - Core - Information Disclosure

    Posted: 23 Jan 2012 01:45 AM PST
    Project: Joomla! SubProject: All Severity: Low Versions: 1.7.3 and all earlier 1.7 and 1.6 versions Exploit type: Information Disclosure Reported Date: 2012-January-07 Fixed Date: 2012-January-24 Description Inadequate filtering leads to information disclosure. Affected Installs Joomla! version 1.7.3 and all earlier versions Solution Upgrade to version 1.7.4 or 2.5.0 or higher Reported by Cyrille Barthelemy Contact The JSST at the Joomla! Security Center.

    [20120102] - Core - XSS Vulnerability
    Posted: 23 Jan 2012 01:45 AM PST
    Project: Joomla! SubProject: All Severity: Moderate Versions: 1.7.3 and all earlier 1.7 and 1.6 versions Exploit type: XSS Vulnerability Reported Date: 2011-November-16 Fixed Date: 2012-January-24 Description Inadequate filtering leads to XSS vulnerability. Affected Installs Joomla! version 1.7.3 and all earlier versions Solution Upgrade to version 1.7.4 or 2.5.0 or higher Reported by Ankita Kapadia Contact The JSST at the Joomla! Security Center.


    [20120103] - Core - Information Disclosure
    Posted: 23 Jan 2012 01:45 AM PST
    Project: Joomla! SubProject: All Severity: Low Versions: 1.7.3 and all earlier 1.7 and 1.6 versions Exploit type: Information Disclosure Reported Date: 2011-December-19 Fixed Date: 2012-January-24 Description Inadequate filtering leads to information disclosure. Affected Installs Joomla! version 1.7.3 and all earlier versions Solution Upgrade to version 1.7.4 or 2.5.0 or higher Reported by Jean-Marie Simonet Contact The JSST at the Joomla! Security Center.


    [20120104] - Core - XSS Vulnerability
    Posted: 23 Jan 2012 01:45 AM PST
    Project: Joomla! SubProject: All Severity: Moderate Versions: 1.7.3 and all earlier versions Exploit type: XSS Vulnerability Reported Date: 2012-January-22 Fixed Date: 2012-January-24 Description Inadequate filtering leads to XSS vulnerability. Affected Installs Joomla! version 1.7.3 and all earlier 1.7 and 1.6 versions Solution Upgrade to version 1.7.4 or 2.5.0 or higher Reported by David Jardin Contact The JSST at the Joomla! Security Center.]]>     Wed, 25 Jan 2012 15:40:59 +0000 http://cartikaforum.com/topic/2449-joomla-security-bulletin-january-25-2012/     Joomla Security Bulletin - November 14, 2011 http://cartikaforum.com/topic/2375-joomla-security-bulletin-november-14-2011/
  • [20111102] - Core - Password Change
  • [20111103] - Core - Password Change
  • [20111101] - Core - XSS Vulnerability
    • [20111102] - Core - Password Change


    Posted: 14 Nov 2011 08:33 PM PST
    • Project: Joomla!
    • SubProject: All
    • Severity: High
    • Versions: 1.7.2 and all 1.6.x versions
    • Exploit type: Password Change
    • Reported Date: 2011-October-28
    • Fixed Date: 2011-November-14
    Description

    Weak random number generation during password reset leads to possibility of changing a user's password.
    Affected Installs

    Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions
    Solution

    Upgrade to the latest Joomla! version (1.7.3 or later)
    Reported by David Jardin
    Contact

    The JSST at the Joomla! Security Center.
    [20111103] - Core - Password Change
    Posted: 14 Nov 2011 08:33 PM PST
    • Project: Joomla!
    • SubProject: All
    • Severity: High
    • Versions: 1.5.24 and all earlier 1.5 versions
    • Exploit type: Password Change
    • Reported Date: 2011-October-28
    • Fixed Date: 2011-November-14
    Description

    Weak random number generation during password reset leads to possibility of changing a user's password.
    Affected Installs

    Joomla! version 1.5.24 and all earlier 1.5 versions
    Solution

    Upgrade to the latest Joomla! 1.5 version (1.5.25 or later)
    Reported by David Jardin
    Contact

    The JSST at the Joomla! Security Center.
    [20111101] - Core - XSS Vulnerability
    Posted: 14 Nov 2011 08:33 PM PST
    • Project: Joomla!
    • SubProject: All
    • Severity: Medium
    • Versions: 1.7.2 and all 1.6.x versions
    • Exploit type: XSS
    • Reported Date: 2011-October-21
    • Fixed Date: 2011-November-14
    Description


    Inadequate filtering leads to XSS vulnerability in back end.
    Affected Installs

    Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions
    Solution

    Upgrade to the latest Joomla! version (1.7.3 or later)
    Reported by Corné Hannema
    Contact

    The JSST at the Joomla! Security Center.]]>     Mon, 14 Nov 2011 15:48:51 +0000 http://cartikaforum.com/topic/2375-joomla-security-bulletin-november-14-2011/     Joomla Security Bulletin - October 17, 2011 http://cartikaforum.com/topic/2359-joomla-security-bulletin-october-17-2011/
  • [20111001] - Core - Information Disclosure
  • [20111002] - Core - Information Disclosure
  • [20111003] - Core - Information Disclosure
    • [20111001] - Core - Information Disclosure

    Posted: 17 Oct 2011 01:59 PM PDT
    Project: Joomla!
    SubProject: All
    Severity: Moderate
    Versions: 1.7.1
    Exploit type: Information Disclosure
    Reported Date: 2011-September-09
    Fixed Date: 2011-October-17
    Description

    Weak encryption causes potential information disclosure.
    Affected Installs

    Joomla! version 1.7.1 and earlier
    Solution

    Upgrade to the latest Joomla! version (1.7.2 or later)
    Reported by Jeff Channell
    Contact

    The JSST at the Joomla! Security Center.http://feeds.feedbur...tm_medium=email
    [20111002] - Core - Information Disclosure
    Posted: 17 Oct 2011 01:59 PM PDT
    Project: Joomla!
    SubProject: All
    Severity: Low
    Versions: 1.7.1
    Exploit type: Information Disclosure
    Reported Date: 2011-August-02
    Fixed Date: 2011-October-17
    Description

    Inadequate error checking causes potential information disclosure.


    Affected Installs

    Joomla! version 1.7.1 and earlier
    Solution

    Upgrade to the latest Joomla! version (1.7.2 or later)
    Reported by Aung Khant, YGN Ethical Hacker Group
    Contact

    The JSST at the Joomla! Security Center.
    [20111003] - Core - Information Disclosure
    Posted: 17 Oct 2011 01:59 PM PDT
    Project: Joomla!
    SubProject: All
    Severity: Moderate
    Versions: 1.5.23 and earlier
    Exploit type: Information Disclosure
    Reported Date: 2011-September-09
    Fixed Date: 2011-October-17
    Description

    Weak encryption causes potential information disclosure.

    Affected Installs
    Joomla! version 1.5.23 and earlier
    Solution

    Upgrade to the latest Joomla! version (1.5.24 or later)
    Reported by Jeff Channell
    Contact

    The JSST at the Joomla! Security Center.]]>     Tue, 18 Oct 2011 14:12:52 +0000 http://cartikaforum.com/topic/2359-joomla-security-bulletin-october-17-2011/