oss-sec mailing list archives
Joomla! Security News 2012-06-19
From: Henri Salo <henri () nerv fi>
Date: Tue, 19 Jun 2012 15:41:02 +0300
Two issues without CVEs again. Could I get those assigned, thanks. 1. 20120601 - Core - Privilege Escalation 2. 20120602 - Core - Information Disclosure - Henri Salo ps. forwarded email from Joomla below ----- Forwarded message from Joomla! Developer Network - Security News <no_reply () joomla org> ----- Subject: Joomla! Security News From: Joomla! Developer Network - Security News <no_reply () joomla org> To: henri () nerv fi Joomla! Developer Network - Security News /////////////////////////////////////////// [20120601] - Core - Privilege Escalation Posted: 19 Jun 2012 12:21 AM PDT http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/I2o1kbJKIVQ/470-20120601-core-privilege-escalation.html?utm_source=feedburner&utm_medium=email Project: Joomla! SubProject: All Severity: Medium High Versions: 2.5.4 and all earlier 2.5.x versions Exploit type: Privilege Escalation Reported Date: 2012-April-29 Fixed Date: 2012-June-18 Description Inadequate checking leads to possible user privilege escalation. Affected Installs Joomla! versions 2.5.4 and all earlier 2.5.x versions Solution Upgrade to version 2.5.5 Reported by Nils Rückmann Contact The JSST at the Joomla! Security Center. /////////////////////////////////////////// [20120602] - Core - Information Disclosure Posted: 19 Jun 2012 12:21 AM PDT http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/K71HzujRDDs/471-20120602-core-information-disclosure.html?utm_source=feedburner&utm_medium=email Project: Joomla! SubProject: All Severity: Low Versions: 2.5.4 and all earlier 2.5.x versions Exploit type: Information Disclosure Reported Date: 2012-May-1 Fixed Date: 2012-June-18 Description Inadequate filtering leads SQL error and information disclosure. Affected Installs Joomla! versions 2.5.4 and all earlier 2.5.x versions Solution Upgrade to version 2.5.5 Reported by Jakub Galczyk Contact The JSST at the Joomla! Security Center. -- You are subscribed to email updates from "Joomla! Developer Network - Security News." To stop receiving these emails, you may unsubscribe now: http://feedburner.google.com/fb/a/mailunsubscribe?k=JWlBXz9w0F12fWtPu46jwc9_Jcc Email delivery powered by Google. Google Inc., 20 West Kinzie, Chicago IL USA 60610 ----- End forwarded message -----
Current thread:
- Joomla! Security News 2012-06-19 Henri Salo (Jun 19)
- Re: Joomla! Security News 2012-06-19 Kurt Seifried (Jun 19)