Joomla! 1.5 Security News

17 views

Skip to first unread message

Hazzaa

unread,

Mar 28, 2012, 9:20:45 AM3/28/12

to Omaha Joomla! User Group

[20120305] - Core - Password Change
Posted: 28 Mar 2012 12:21 AM PDT
Project: Joomla!
SubProject: All
Severity: High
Versions: 1.5.25 and all earlier 1.5.x versions
Exploit type: Password Change
Reported Date: 2012-March-8
Fixed Date: 2012-March-27
Description

Insufficient randomness leads to password reset vulnerability.

Affected Installs

Joomla! versions 1.5.25 and all earlier 1.5.x versions

Solution

Upgrade to version 1.5.26

Reported by George Argyros and Aggelos Kiayias

Contact

The JSST at the Joomla! Security Center.

[20120306] - Core - Information Disclosure
Posted: 28 Mar 2012 12:21 AM PDT
Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.5.25 and all earlier 1.5.x versions
Exploit type: Information Disclosure
Reported Date: 2012-January-7
Fixed Date: 2012-March-27
Description

Inadequate permission checking allows unauthorised viewing of
administrative back end information.

Affected Installs

Joomla! versions 1.5.25 and all earlier 1.5.x versions

Solution

Upgrade to version 1.5.26

Reported by Cyrille Barthelemy

Contact

The JSST at the Joomla! Security Center.

Reply all

Reply to author

Forward

0 new messages