Project: Joomla! SubProject: com_content Severity: Moderate Versions: 1.5.14 and all previous 1.5 releases Exploit type: Front-End Editing Reported Date: 2009-September-05 Fixed Date: 2009-November-03 Description When logged into the front end with Author access, it was possible to replace an article written by another user. Affected Installs All 1.5.x installs prior to and including 1.5.14 are affected. Solution Upgrade to latest Joomla! version (1.5.15 or newer). Reported by Hannes Papenberg Contact The JSST at the Joomla! Security Center .
Read more from the original source:
[20091103] – Core – Front-End Editor Issue
Project: Joomla! SubProject: All Severity: Low Versions: 1.5.14 and all previous 1.5 releases Exploit type: Extension Version Disclosure Reported Date: 2009-October-13 Fixed Date: 2009-Nov-03 Description It is possible to read the contents of an extension’s XML file and find the version number of the installed extension. This could allow people to exploit a known security flaws for a specific version of an extension. Affected Installs All 1.5.x installs prior to and including 1.5.14 are affected. Solution Turn on Apache mod_rewrite and configure your .htaccess file to filter out XML files. In the htaccess.txt file shipped with version 1.5.15, lines 35-39 contain example code that will deny access to XML files. You can incorporate this code (or similar code) into your .htaccess file. Be sure to test that it does not cause problems on your site. Reported by WHK and Gergő Erdősi Contact The JSST at the Joomla! Security Center .
View original post here:
[20091103] – Core – XML File Read Issue
Project: Joomla! SubProject: Framework Severity: Moderate Versions: 1.5.12 and all previous 1.5 releases Exploit type: XSS Reported Date: 2009-July-21 Fixed Date: 2009-July-22 Description Some files were missing the check for JEXEC. These scripts will then expose internal path information of the host. Affected Installs All 1.5.x installs prior to and including 1.5.12 are affected. Solution Upgrade to latest Joomla! version (1.5.13 or newer).
See more here:
[20090722] – Core – Missing JEXEC Check
Project: Joomla! SubProject: com_mailto Severity: Low Versions: 1.5.13 and all previous 1.5 releases Exploit type: Email Reported Date: 2009-July-28 Fixed Date: 2009-July-30 Description In com_mailto, it was possible to bypass timeout protection against sending automated emails. Affected Installs All 1.5.x installs prior to and including 1.5.13 are affected. Solution Upgrade to latest Joomla! version (1.5.14 or newer).
Read the original here:
[20090723] – Core – com_mailto Timeout Issue
Project: Joomla! SubProject: TinyMCE editor Severity: Critical Versions: 1.5.12 Exploit type: Image File upload Reported Date: 2009-July-22 Fixed Date: 2009-July-22 Description Tiny browser included with TinyMCE 3.0 editor allowed files to be uploaded and removed without logging in. Affected Installs Version 1.5.12 only Solution Upgrade to latest Joomla! version (1.5.13 or newer)
Read the original post:
[20090722] – Core – File Upload
Project: Joomla! SubProject: Admin client Severity: Moderate Versions: 1.5.11 and all previous 1.5 releases Exploit type: XSS Reported Date: 2009-June-22 Fixed Date: 2009-June-30 Description Some files were missing the check for JEXEC. These scripts will then expose internal path information of the host. Affected Installs All 1.5.x installs prior to and including 1.5.11 are affected.
More here:
[20090606] – Core – Missing JEXEC Check
Project: Joomla! SubProject: Site client Severity: Moderate Versions: 1.5.11 and all previous 1.5 releases Exploit type: XSS Reported Date: 2009-June-03 Fixed Date: 2009-June-30 Description An attacker can inject JavaScript code in a URL that will be executed in the context of targeted user browser. Affected Installs All 1.5.x installs prior to and including 1.5.11 are affected. Solution Upgrade to latest Joomla! version (1.5.12 or newer)
Read the original here:
[20090605] – Core – Frontend XSS – PHP_SELF not properly filtered
Project: Joomla! SubProject: Site client Severity: Moderate Versions: 1.5.11 and all previous 1.5 releases Exploit type: XSS Reported Date: 2009-June-30 Fixed Date: 2009-June-30 Description An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing the attacker to steal cookies.
Read the original post:
[20090604] – Core – Frontend XSS – HTTP_REFERER not properly filtered
Project: Joomla! SubProject: Site client Severity: Low Versions: 1.5.10 and all previous 1.5 releases Exploit type: XSS Reported Date: 2009-May-05 Fixed Date: 2009-June-02 Description Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel. Affected Installs All 1.5.x installs prior to and including 1.5.10 are affected. Solution Upgrade to latest Joomla! version (1.5.11 or newer).
View post:
[20090603] – Core – Frontend XSS
Project: Joomla! SubProject: ja_purity Severity: Moderate Versions: 1.5.10 and all previous 1.5 releases Exploit type: XSS Reported Date: 2009-April-06 Fixed Date: 2009-June-02 Description A XSS vulnerability exists in the JA_Purity template which ships with Joomla! 1.5. Affected Installs All 1.5.x installs prior to and including 1.5.10 are affected. Solution Upgrade to latest Joomla! version (1.5.11 or newer).
View original here:
[20090602] – Core – ja_purity XSS