[20130406] – Core – DOS Vulnerability

Apr24
by Ike on April 24, 2013 at 5:00 am
Posted In: CMS, Joomla, security
  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
  • Exploit type: Denial of service vulnerability
  • Reported Date: 2013-February-18
  • Fixed Date: 2013-April-24
  • CVE Number: CVE-2013-3242

Description

Object unserialize method leads to possible denial of service vulnerability.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

Reported By: Egidio Romano 

└ Tags: , , , ,
 Comment 

[20130401] – Core – Privilege Escalation

Apr24
by Ike on April 24, 2013 at 5:00 am
Posted In: CMS, Joomla, security
  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
  • Exploit type: Privilege Escalation
  • Reported Date: 2013-March-29
  • Fixed Date: 2013-April-24
  • CVE Number: CVE-2013-3056

Description

Inadequate permission checking allows unauthorised user to delete private messages.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

Reported By: Francois Gauthier

└ Tags: , , , ,
 Comment 

[20130404] – Core – XSS Vulnerability

Apr24
by Ike on April 24, 2013 at 5:00 am
Posted In: CMS, Joomla, security
  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-February-15
  • Fixed Date: 2013-April-24
  • CVE Number: None

Description

Use of old version of Flash-based file uploader leads to XSS vulnerability.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

Reported By: Reginaldo Silva

└ Tags:
 Comment 

[20130402] – Core – Information Disclosure

Apr24
by Ike on April 24, 2013 at 5:00 am
Posted In: CMS, Joomla, security
  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
  • Exploit type: Information Disclosure
  • Reported Date: 2013-March-29
  • Fixed Date: 2013-April-24
  • CVE Number: CVE-2013-3057

Description

Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

Reported By: Francois Gauthier

└ Tags:
 Comment 

[20130403] – Core – XSS Vulnerability

Apr24
by Ike on April 24, 2013 at 5:00 am
Posted In: CMS, Joomla, security
  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-March-9
  • Fixed Date: 2013-April-24
  • CVE Number: CVE-2013-3058

Description

Inadequate filtering allows possibility of XSS exploit in some circumstances.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

Reported By: James Kettle

└ Tags:
 Comment 

50 queries. 8.5 mb Memory usage. 0.259 seconds.