NYPHP.org

[joomla] New Joomla release 1.5.13: Joomla! Security News

Mitch Pirtle mitch.pirtle at gmail.com
Thu Jul 23 10:50:43 EDT 2009


Thanks Donna, I missed this totally in my avalanche of work and deadlines.

-- Mitch

On Thu, Jul 23, 2009 at 8:38 AM, Donna Marie
Vincent<donnamarievincent at yahoo.com> wrote:
> Joomla! Security News
>
> ________________________________
>
> [20090722] - Core - Missing JEXEC Check
>
> Posted: 22 Jul 2009 04:36 PM PDT
>
> Project: Joomla!
> SubProject: Framework
> Severity: Moderate
> Versions: 1.5.12 and all previous 1.5 releases
> Exploit type: XSS
> Reported Date: 2009-July-21
> Fixed Date: 2009-July-22
>
> Description
>
> Some files were missing the check for JEXEC.  These scripts will then expose
> internal path information of the host.
>
> Affected Installs
>
> All 1.5.x installs prior to and including 1.5.12 are affected.
>
> Solution
>
> Upgrade to latest Joomla! version (1.5.13 or newer).
>
> Reported by Juan Galiana Lara (Internet Security Auditors)
>
> Contact
>
> The JSST at the Joomla! Security Center.
>
> [20090722] - Core - File Upload
>
> Posted: 22 Jul 2009 04:17 PM PDT
>
> Project: Joomla!
> SubProject: TinyMCE editor
> Severity: Critical
> Versions: 1.5.12
> Exploit type: Image File upload
> Reported Date: 2009-July-22
> Fixed Date: 2009-July-22
>
> Description
>
> Tiny browser included with TinyMCE 3.0 editor allowed files to be uploaded
> and removed without logging in.
>
> Affected Installs
>
> Version 1.5.12 only
>
> Solution
>
> Upgrade to latest Joomla! version (1.5.13 or newer).
>
> Reported by Patrice Lazareff.
>
> Contact
>
> The JSST at the Joomla! Security Center.
>
>
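
An added audit sketch, not part of the original post or of the Joomla! project's code, for the "Missing JEXEC Check" item quoted above: it walks a site tree and lists PHP files that carry no live direct-access guard. The guard patterns, the entry-point list, the function names and the sample tree are assumptions made for this example.

```python
import os
import re
import tempfile

# Guard forms seen at the top of Joomla 1.5 files (assumed pattern set), e.g.
#   defined('_JEXEC') or die('Restricted access');
#   defined( 'JPATH_BASE' ) or die();
GUARD_RE = re.compile(
    r"""defined\s*\(\s*['"](?:_JEXEC|JPATH_BASE)['"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b""",
    re.IGNORECASE)
# Heuristic: drop PHP comments first so a commented-out guard does not count.
COMMENT_RE = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.DOTALL)

def has_guard(php_source):
    """True if the source contains a live direct-access guard."""
    return bool(GUARD_RE.search(COMMENT_RE.sub("", php_source)))

def find_unguarded(root, entry_points=("index.php",)):
    """Relative paths of .php files under root with no guard, sorted."""
    missing = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            # Entry points define _JEXEC themselves, so they carry no guard.
            if not name.endswith(".php") or rel in entry_points:
                continue
            with open(os.path.join(root, rel), encoding="utf-8", errors="replace") as fh:
                if not has_guard(fh.read()):
                    missing.append(rel.replace(os.sep, "/"))
    return sorted(missing)

# Constructed sample tree (not real Joomla files).
SAMPLE = {
    "index.php": "<?php define('_JEXEC', 1); require 'includes/app.php';",
    "includes/app.php": "<?php\ndefined( '_JEXEC' ) or die( 'Restricted access' );\n",
    "libraries/util.php": "<?php\ndefined('JPATH_BASE') or die();\n",
    "plugins/editor/helper.php": "<?php\n// defined('_JEXEC') or die();\nrequire_once dirname(__FILE__).'/lib.php';\n",
    "plugins/editor/lib.php": "<?php\nclass Lib {}\n",
}

def build_sample(root):
    for rel, body in SAMPLE.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel in find_unguarded(tmp):
            print("missing guard:", rel)
```

A file on the resulting list is a candidate for review, not proof of exposure: whether it leaks path information depends on what it does when requested directly.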


