|
Message-ID: <256183236.1854431272311777439.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com> Date: Mon, 26 Apr 2010 15:56:17 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: Steven Christey <coley@...us.mitre.org> Subject: Re: CVE request: joomla <= 1.5.15 code upload, information leak, session fixation, unauthorized access (was Fwd: Joomla! Security News) Here you go: CVE-2010-1432 Joomla! information Disclosure CVE-2010-1433 Joomla! Code upload CVE-2010-1434 Joomla! Session fixation CVE-2010-1435 Joomla! Unauthorised Access Thanks. -- JB ----- "Hanno Böck" <hanno@...eck.de> wrote: > ---------- forwarded message ---------- > > Subject: Joomla! Security News > Date: Samstag 24 April 2010 > From: "Joomla! Developer - Vulnerability News" <no_reply@...mla.org> > > > Joomla! Developer - Vulnerability News > > /////////////////////////////////////////// > [20100423] - Core - Negative Values for Limit and Offset > > Posted: 23 Apr 2010 10:31 AM PDT > http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/K3rjMh4AvSE/311-20100423- > core-negative-values-for-limit-and- > offset.html?utm_source=feedburner&utm_medium=email > > > Project: Joomla! > SubProject: All > Severity: Moderate > Versions: 1.5.15 and all previous 1.5 releases > Exploit type: information Disclosure > Reported Date: 2010-Feb-21 > Fixed Date: 2010-Apr-23 > > Description > > If a user entered a URL with a negative query limit or offset, a PHP > notice > would display revealing information about the system. > Affected Installs > > All 1.5.x installs prior to and including 1.5.15 are affected. > Solution > > Upgrade to the latest Joomla! version (1.5.16 or later) > > Reported by Security List > Contact > > The JSST at the Joomla! Security Center. > > > > /////////////////////////////////////////// > [20100423] - Core - Installer Migration Script > > Posted: 23 Apr 2010 10:27 AM PDT > http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/QLis4AG_-cs/310-20100423- > core-installer-migration-script.html?utm_source=feedburner&utm_medium=email > > > Project: Joomla! > SubProject: All > Severity: Low > Versions: 1.5.15 and all previous 1.5 releases > Exploit type: Code upload > Reported Date: 2009-Dec-30 > Fixed Date: 2010-Apr-23 > > Description > > The migration script in the Joomla! installer does not check the file > type > being uploaded. If the installation application is present, an > attacker > could use it to upload malicious files to a server. > Affected Installs > > All 1.5.x installs prior to and including 1.5.15 are affected. > Solution > > Upgrade to the latest Joomla! version (1.5.16 or later) > > Reported by Nicola Bettini > Contact > > The JSST at the Joomla! Security Center. > > > > /////////////////////////////////////////// > [20100423] - Core - Sessation Fixation > > Posted: 23 Apr 2010 10:22 AM PDT > http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/KWB_pRZpcP4/309-20100423- > core-sessation-fixation.html?utm_source=feedburner&utm_medium=email > > > Project: Joomla! > SubProject: All > Severity: Moderate > Versions: 1.5.15 and all previous 1.5 releases > Exploit type: Session fixation > Reported Date: 2010-Mar-25 > Fixed Date: 2010-Apr-23 > > Description > > Session id doesn't get modified when user logs in. A remote site may > be > able to forward a visitor to the Joomla! site and set a specific > cookie. > If the user then logs in, the remote site can use that cookie to > authenticate as that user. > Affected Installs > > All 1.5.x installs prior to and including 1.5.15 are affected. > Solution > > Upgrade to the latest Joomla! version (1.5.16 or later) > > Reported by Raúl Siles and Steven Pignataro > > > > Contact > > The JSST at the Joomla! Security Center.[20100423] - Core - Password > Reset > Tokens > > > > /////////////////////////////////////////// > [20100423] - Core - Password Reset Tokens > > Posted: 22 Apr 2010 05:00 PM PDT > http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/UdLK-p0f7tQ/308-20100423- > core-password-reset-tokens.html?utm_source=feedburner&utm_medium=email > > > Project: Joomla! > SubProject: All > Severity: Low > Versions: 1.5.15 and all previous 1.5 releases > Exploit type: Unauthorised Access > Reported Date: 2010-Jan-07 > Fixed Date: 2010-Apr-23 > > Description > > When a user requests a password reset, the reset tokens were stored in > > plain text in the database. While this is not a vulnerability in > itself, it > allows user accounts to be compromised if there is an extension on the > site > with an SQL injection vulnerability. > Affected Installs > > All 1.5.x installs prior to and including 1.5.15 are affected. > Solution > > Upgrade to the latest Joomla! version (1.5.16 or later) > > Reported by Madis Abel > Contact > > The JSST at the Joomla! Security Center. > > > > -- > Hanno Böck Blog: http://www.hboeck.de/ > GPG: 3DBD3B20 Jabber/Mail: hanno@...eck.de > > http://schokokeks.org - professional webhosting
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.