
oss-sec mailing list archives

Re: Fwd Joomla! Security News 2012-01
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 29 Jan 2012 22:26:15 -0700

Oh dang, assigned the wrong year. Please use these instead:

CVE-2012-0819 Joomla! 382-20120101-core-information-disclosure.html
CVE-2012-0820 Joomla! 383-20120102-core-xss-vulnerability.html
CVE-2012-0821 Joomla! 384-20120103-core-information-disclosure.html
CVE-2012-0822 Joomla! 385-20120104-core-xss-vulnerability.html

On 01/26/2012 04:30 PM, Kurt Seifried wrote:
Well, no one spoke up, so I'm assuming no CVEs have been issued for these
issues yet.

///////////////////////////////////////////
[20120101] - Core - Information Disclosure

Posted: 23 Jan 2012 01:45 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/MYKnZ2QJKYE/382-20120101-core-information-disclosure.html?utm_source=feedburner&utm_medium=email


http://developer.joomla.org/security/news/382-20120101-core-information-disclosure.html

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: Information Disclosure
Reported Date: 2012-January-07
Fixed Date: 2012-January-24
Description: Inadequate filtering leads to information disclosure.
Affected Installs: Joomla! version 1.7.3 and all earlier versions
Solution: Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by: Cyrille Barthelemy
Contact: The JSST at the Joomla! Security Center.

Please use CVE-2011-4933 for this issue
(382-20120101-core-information-disclosure.html)

REJECT CVE-2011-4933

Please use CVE-2012-0819 for this issue
(382-20120101-core-information-disclosure.html)


///////////////////////////////////////////
[20120102] - Core - XSS Vulnerability

Posted: 23 Jan 2012 01:45 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/XAEsWEG3dgU/383-20120102-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email


developer.joomla.org/security/news/383-20120102-core-xss-vulnerability.html

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: XSS Vulnerability
Reported Date: 2011-November-16
Fixed Date: 2012-January-24
Description: Inadequate filtering leads to XSS vulnerability.
Affected Installs: Joomla! version 1.7.3 and all earlier versions
Solution: Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by: Ankita Kapadia
Contact: The JSST at the Joomla! Security Center.

Please use CVE-2011-4934 for this issue
(383-20120102-core-xss-vulnerability.html)

REJECT CVE-2011-4934

Please use CVE-2012-0820 for this issue
(383-20120102-core-xss-vulnerability.html)

///////////////////////////////////////////
[20120103] - Core - Information Disclosure

Posted: 23 Jan 2012 01:45 AM PST
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/Ed0TMAvyQ4g/384-20120103-core-information-disclosure.html?utm_source=feedburner&utm_medium=email

http://developer.joomla.org/security/news/384-20120103-core-information-disclosure.html

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
Exploit type: Information Disclosure
Reported Date: 2011-December-19
Fixed Date: 2012-January-24
Description: Inadequate filtering leads to information disclosure.
Affected Installs: Joomla! version 1.7.3 and all earlier versions
Solution: Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by: Jean-Marie Simonet
Contact: The JSST at the Joomla! Security Center.

Please use CVE-2011-4935 for this issue
(384-20120103-core-information-disclosure.html)

REJECT CVE-2011-4935

Please use CVE-2012-0821 for this issue
(384-20120103-core-information-disclosure.html)


///////////////////////////////////////////
[20120104] - Core - XSS Vulnerability

Posted: 23 Jan 2012 01:45 AM PST

http://developer.joomla.org/security/news/385-20120104-core-xss-vulnerability.html

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.3 and all earlier versions
Exploit type: XSS Vulnerability
Reported Date: 2012-January-22
Fixed Date: 2012-January-24
Description: Inadequate filtering leads to XSS vulnerability.
Affected Installs: Joomla! version 1.7.3 and all earlier 1.7 and 1.6 versions
Solution: Upgrade to version 1.7.4 or 2.5.0 or higher
Reported by: David Jardin
Contact: The JSST at the Joomla! Security Center.

Please use CVE-2011-4936 for this issue
(385-20120104-core-xss-vulnerability.html)

REJECT CVE-2011-4936

Please use CVE-2012-0822 for this issue
(385-20120104-core-xss-vulnerability.html)


-- 
Kurt Seifried Red Hat Security Response Team (SRT)

