Text only | Text with Images

Charlottezweb

General Conversation => Script Chat => Topic started by: Jason on April 25, 2013, 11:23:07 AM

Title: Joomla Security Notice :: April 25, 2013
Post by: Jason on April 25, 2013, 11:23:07 AM
Today's notice from Joomla:

Quote

Joomla! Security News

[20130405] - Core - XSS Vulnerability
[20130403] - Core - XSS Vulnerability
[20130402] - Core - Information Disclosure
[20130404] - Core - XSS Vulnerability
[20130401] - Core - Privilege Escalation
[20130406] - Core - DOS Vulnerability
[20130407] - Core - XSS Vulnerability
[20130405] - Core - XSS Vulnerability
Posted: 23 Apr 2013 10:00 PM PDT
Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-February-26
Fixed Date: 2013-April-24
CVE Number: CVE-2013-3059
Description

Inadequate filtering leads to XSS vulnerability in Voting plugin.
Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.
Contact

The JSST at the Joomla! Security Center.
Reported By: Yannick Gaultier and Jeff Channell


[20130403] - Core - XSS Vulnerability
Posted: 23 Apr 2013 10:00 PM PDT
Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-March-9
Fixed Date: 2013-April-24
CVE Number: CVE-2013-3058
Description

Inadequate filtering allows possibility of XSS exploit in some circumstances.
Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.
Contact

The JSST at the Joomla! Security Center.
Reported By: James Kettle


[20130402] - Core - Information Disclosure
Posted: 23 Apr 2013 10:00 PM PDT
Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
Exploit type: Information Disclosure
Reported Date: 2013-March-29
Fixed Date: 2013-April-24
CVE Number: CVE-2013-3057
Description

Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.
Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.
Contact

The JSST at the Joomla! Security Center.
Reported By: Francois Gauthier


[20130404] - Core - XSS Vulnerability
Posted: 23 Apr 2013 10:00 PM PDT
Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-February-15
Fixed Date: 2013-April-24
CVE Number: None
Description

Use of old version of Flash-based file uploader leads to XSS vulnerability.
Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.
Contact

The JSST at the Joomla! Security Center.
Reported By: Reginaldo Silva


[20130401] - Core - Privilege Escalation
Posted: 23 Apr 2013 10:00 PM PDT
Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
Exploit type: Privilege Escalation
Reported Date: 2013-March-29
Fixed Date: 2013-April-24
CVE Number: CVE-2013-3056
Description

Inadequate permission checking allows unauthorised user to delete private messages.
Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.
Contact

The JSST at the Joomla! Security Center.
Reported By: Francois Gauthier


[20130406] - Core - DOS Vulnerability
Posted: 23 Apr 2013 10:00 PM PDT
Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
Exploit type: Denial of service vulnerability
Reported Date: 2013-February-18
Fixed Date: 2013-April-24
CVE Number: CVE-2013-3242
Description

Object unserialize method leads to possible denial of service vulnerability.
Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.
Contact

The JSST at the Joomla! Security Center.
Reported By: Egidio Romano


[20130407] - Core - XSS Vulnerability
Posted: 23 Apr 2013 10:00 PM PDT
Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-April-17
Fixed Date: 2013-April-24
CVE Number: CVE-2013-3267
Description

Inadequate filtering leads to XSS vulnerability in highlighter plugin.
Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.
Contact

The JSST at the Joomla! Security Center.
Reported By: Vertical Pigeon
Text only | Text with Images