[20100704] – Core – XSS Vulnerabillitis in Back End
Project: Joomla! SubProject: All Severity: Medium Versions: 1.5.18 and all previous 1.5 releases Exploit type: XSS Injection Reported Date: 2010-June-1 Fixed Date: 2010-July-15 Description Back-end user can inject Javascript in various administrator screens. Affected Installs All 1.5.x installs prior to and including 1.5.18 are affected. Solution Upgrade to the latest Joomla! version (1.5.18 or later) Reported by oCERT. Contact The JSST at the Joomla! Security Center .
Read the original:
[20100704] – Core – XSS Vulnerabillitis in Back End
[20100703] – Core – XSS Vulnerabillitis in Back End
Project: Joomla! SubProject: All Severity: Medium Versions: 1.5.18 and all previous 1.5 releases Exploit type: XSS Injection Reported Date: 2010-June-8 Fixed Date: 2010-July-15 Description Back-end user can inject Javascript in various administrator screens. Affected Installs All 1.5.x installs prior to and including 1.5.18 are affected. Solution Upgrade to the latest Joomla! version (1.5.18 or later) Reported by José Antonio Vázquez González Contact The JSST at the Joomla! Security Center .
[20100702] – Core – XSS Vulnerabillitis in Back End
Project: Joomla! SubProject: All Severity: Medium Versions: 1.5.18 and all previous 1.5 releases Exploit type: XSS Injection Reported Date: 2010-June-8 Fixed Date: 2010-July-15 Description Back-end user can inject Javascript in various administrator screens. Affected Installs All 1.5.x installs prior to and including 1.5.18 are affected. Solution Upgrade to the latest Joomla! version (1.5.18 or later) Reported by José Antonio Vázquez González Contact The JSST at the Joomla! Security Center .
More here:
[20100702] – Core – XSS Vulnerabillitis in Back End
[20100701] – Core – SQL Injection / Internal Path Exposure
Project: Joomla! SubProject: All Severity: Low Versions: 1.5.18 and all previous 1.5 releases Exploit type: Internal Path Exposure Reported Date: 2010-June-10 Fixed Date: 2010-July-15 Description Back-end user can create MySQL error which shows internal path information in the error message. Affected Installs All 1.5.x installs prior to and including 1.5.18 are affected. Solution Upgrade to the latest Joomla! version (1.5.18 or later) Reported by Andy Gorges Contact The JSST at the Joomla! Security Center .
Go here to see the original:
[20100701] – Core – SQL Injection / Internal Path Exposure
[20100501] – Core – XSS Vulnerabilities in Back End
Project: Joomla! SubProject: All Severity: High Versions: 1.5.17 and all previous 1.5 releases Exploit type: XSS Injection Reported Date: 2010-May-13 Fixed Date: 2010-May-28 Description Back-end user can inject javascript in various administrator screens. Affected Installs All 1.5.x installs prior to and including 1.5.17 are affected. Solution Upgrade to the latest Joomla! version (1.5.18 or later) Reported by Riyaz Ahemed Contact The JSST at the Joomla! Security Center .
Here is the original:
[20100501] – Core – XSS Vulnerabilities in Back End
Simple Ajax Poll
Simple Ajax Poll Module is a poll module that utilizes the Ajax Technology to implement voting without page reloading! It uses the Official Joomla! component for polls (com_poll), thus, all your existing polls will still work.. and it does not require a component installation. Features ————- * Ajax Technology, no page reloading! * Uses the default Joomla! Poll Component, no need to install a component, which means that all your previous and current polls will keep working. * Uses Mootools, which is already used by joomla!, which means no extra javascript code!, and if you have disabled Mootools, it uses a smaller code that still gets the job done!. * you can set a message in your language for users who press the vote button without choosing an option, for other parameters, your local language will be used.
View original here:
Simple Ajax Poll
LUCiD LEO Translation
This module for Joomla 1.5 uses the service from LEO (http://dict.leo.org) to translate words from English, French, Spain, Italian, Chinese and Russian to German and vice versa. The module has the ability to select the target window, the default language for translation and which translation language will be shown on the frontend. Furthermore the module offers additional parameters to tweak the layout. Changelog: V1.2 – added translation option for language Russian – added language file of ru-RU – added new parameter ‘new line’ for displaying the button alongside or under the input field V1.1 – Now the module contains the language-files. therefore, it must not longer be extracted first – Contains complete translation for the languages German (de-DE) and English (en-GB) – added the functionality to set the text of the searchbutton automatically in dependence of the selected frontend-language – translation of the search-button text for the languages Spain (es-ES), French (fr-FR), Italian (it-IT), Dutch (nl-NL), Portuguese (pt-BR u. pt-PT) and Chinese (zh-TW). The rest of the parameters in the backend for these languages are displayed in English – if the module does not find a language-file for the selected frontend-language, it will use the english word ‘Translate’ for the search-button text. this automatism can be overwritten with a own word. V1.0 – Initial release
Read the rest here:
LUCiD LEO Translation
English (Australian) Language Pack
This is an English Australian Joomla! Accredited language Pack which includes Site, Administrator and XML install files. This language pack rectifies a Bing search engine region issue which sets Australian Joomla 1.5.x websites in the Great Britain region. The pack will change your region from en-GB to en-AU in your meta header which Bing uses to determine your region code. This pack uses the standard english language set en-GB within its text. To Install: 1. Download the en-AU_Joomla_lang_full_1.5.15.zip. 2. Log into your Joomla admin backend. 3. Select Extensions Install/Uninstall. 4. Upload the zip. 5. Then select the Extensions/Language manager. 6. Set English (Australia) as your default for both Site and Administrator. And your done! *Please note: Do not remove your English(United Kingdom) language pack as this is required should you decide to un-install the English(Australia) pack. Joomla version 1.5.16 compatible.
Read the original here:
English (Australian) Language Pack
[20100423] – Core – Negative Values for Limit and Offset
Project: Joomla! SubProject: All Severity: Moderate Versions: 1.5.15 and all previous 1.5 releases Exploit type: information Disclosure Reported Date: 2010-Feb-21 Fixed Date: 2010-Apr-23 Description If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system. Affected Installs All 1.5.x installs prior to and including 1.5.15 are affected. Solution Upgrade to the latest Joomla! version (1.5.16 or later) Reported by Security List Contact The JSST at the Joomla! Security Center .
The rest is here:
[20100423] – Core – Negative Values for Limit and Offset
[20100423] – Core – Installer Migration Script
Project: Joomla! SubProject: All Severity: Low Versions: 1.5.15 and all previous 1.5 releases Exploit type: Code upload Reported Date: 2009-Dec-30 Fixed Date: 2010-Apr-23 Description The migration script in the Joomla! installer does not check the file type being uploaded. If the installation application is present, an attacker could use it to upload malicious files to a server. Affected Installs All 1.5.x installs prior to and including 1.5.15 are affected. Solution Upgrade to the latest Joomla! version (1.5.16 or later) Reported by Nicola Bettini Contact The JSST at the Joomla! Security Center .
Read the rest here:
[20100423] – Core – Installer Migration Script