[20130201] – Core – Information Disclosure

Oct08
by Ike on October 8, 2012 at 9:09 pm
Posted In: CMS, Core Security, Joomla, security
  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 3.0.2 and earlier 3.0.x versions; version 2.5.8 and earlier 2.5.x versions.
  • Exploit type: Information disclosure
  • Reported Date: 2012-October-31
  • Fixed Date: 2013-February-4
  • CVE Number: CVE-2013-1453

Description

Method of encoding search terms led to possible information disclosure.

Affected Installs

Joomla! version 3.0.2 and earlier 3.0.x versions; version 2.5.8 and earlier 2.5.x versions.

Solution

Upgrade to version 3.0.3 or 2.5.9.

Reported by Egidio Romano

Contact

The JSST at the Joomla! Security Center.

└ Tags:
 Comment 

[20130203] – Core – Information Disclosure

Oct08
by Ike on October 8, 2012 at 9:09 pm
Posted In: CMS, Core Security, Joomla, security
  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 3.0.2 and earlier 3.0.x versions.
  • Exploit type: Information disclosure
  • Reported Date: 2013-January-13
  • Fixed Date: 2013-February-4
  • CVE Number: CVE-2013-1454

Description

Coding errors led to information disclosure in some situations.

Affected Installs

Joomla! version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 3.0.3.

Reported by Stergios Kolios

Contact

The JSST at the Joomla! Security Center.

└ Tags:
 Comment 

[20130202] – Core – Information Disclosure

Oct08
by Ike on October 8, 2012 at 9:09 pm
Posted In: CMS, Core Security, Joomla, security
  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 3.0.2 and earlier 3.0.x versions.
  • Exploit type: Information disclosure
  • Reported Date: 2013-January-16
  • Fixed Date: 2013-February-4
  • CVE Number: CVE-2013-1455

Description

Undefined variable caused information disclosure in some situations.

Affected Installs

Joomla! version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 3.0.3.

Reported by Mark Dexter

Contact

The JSST at the Joomla! Security Center.

└ Tags:
 Comment 

[20121101] – Core – Clickjacking

Oct08
by Ike on October 8, 2012 at 9:09 pm
Posted In: CMS, Core Security, Joomla, security
  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 3.0.1 and 3.0.0.
  • Exploit type: Clickjacking vulnerability
  • Reported Date: 2012-October-15
  • Fixed Date: 2012-November-08
  • CVE Number: CVE-2012-5827

Description

Inadequate protection leads to clickjacking vulnerability.

Affected Installs

Joomla! version 3.0.1 and 3.0.0.

Solution

Upgrade to version 3.0.2

Reported by Ajay Singh Negi

Contact

The JSST at the Joomla! Security Center.

└ Tags:
 Comment 

[20121102] – Core – Clickjacking

Oct08
by Ike on October 8, 2012 at 9:09 pm
Posted In: CMS, Core Security, Joomla, security
  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 2.5.7 and all earlier 2.5.x versions
  • Exploit type: Clickjacking vulnerability
  • Reported Date: 2012-October-15
  • Fixed Date: 2012-November-08
  • CVE Number: CVE-2012-5827

Description

Inadequate protection leads to clickjacking vulnerability.

Affected Installs

Joomla! version 2.5.7 and all earlier 2.5.x versions.

Solution

Upgrade to version 2.5.8

Reported by Ajay Singh Negi

Contact

The JSST at the Joomla! Security Center.

└ Tags:
 Comment 

50 queries. 8.75 mb Memory usage. 0.276 seconds.