[20130203] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 3.0.2 and earlier 3.0.x versions.
Exploit type: Information disclosure
Reported Date: 2013-January-13
Fixed Date: 2013-February-4
CVE Number: CVE-2013-1454
Description: Coding errors led to information disclosure in some situations

[20130202] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 3.0.2 and earlier 3.0.x versions.
Exploit type: Information disclosure
Reported Date: 2013-January-16
Fixed Date: 2013-February-4
CVE Number: CVE-2013-1455
Description: Undefined variable caused information disclosure in some situations.
Affected Installs: Joomla! version 3.0.2 and earlier 3.0.x versions

[20121001] – Core – XSS Vulnerability

Project: Joomla!
SubProject: All
Severity: Low
Versions: 3.0.0
Exploit type: XSS Vulnerability
Reported Date: 2012-October-01
Fixed Date: 2012-October-09
Description: Typographical error leads to XSS vulnerability in language search component.
Affected Installs: Joomla! version 3.0.0

[20120901] – Core – XSS Vulnerability

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.6 and all earlier 2.5.x versions
Exploit type: XSS Vulnerability
Reported Date: 2012-April-30
Fixed Date: 2012-September-13
Description: Inadequate escaping of output leads to XSS vulnerability.
Affected Installs: Joomla! versions 2.5.6 and all earlier 2.5.x versions
Solution: Upgrade to version 2.5.7
Reported by: Janek Vind and Antoine Cervoise
Contact: The JSST at the Joomla! Security Center

[20120601] – Core – Privilege Escalation

Project: Joomla!
SubProject: All
Severity: Medium High
Versions: 2.5.4 and all earlier 2.5.x versions
Exploit type: Privilege Escalation
Reported Date: 2012-April-29
Fixed Date: 2012-June-18
Description: Inadequate checking leads to possible user privilege escalation.

[20120602] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.4 and all earlier 2.5.x versions
Exploit type: Information Disclosure
Reported Date: 2012-May-1
Fixed Date: 2012-June-18
Description: Inadequate filtering leads to SQL error and information disclosure.
Affected Installs: Joomla! versions 2.5.4 and all earlier 2.5.x versions
Solution: Upgrade to version 2.5.5
Reported by: Jakub Galczyk
Contact: The JSST at the Joomla! Security Center.

[20120307] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.3 and all earlier 2.5.x versions
Exploit type: Information Disclosure
Reported Date: 2012-January-7
Fixed Date: 2012-April-2
Description: Inadequate permission checking allows unauthorised viewing of some administrative back end information.

[20120308] – Core – XSS Vulnerability

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.3 and all earlier 2.5.x versions
Exploit type: XSS Vulnerability
Reported Date: 2012-February-3
Fixed Date: 2012-April-2
Description: Inadequate filtering in update manager leads to XSS vulnerability.

[20120306] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.5.25 and all earlier 1.5.x versions
Exploit type: Information Disclosure
Reported Date: 2012-January-7
Fixed Date: 2012-March-27
Description: Inadequate permission checking allows unauthorised viewing of administrative back end information.

[20120304] – Core – Password Change

Project: Joomla!
SubProject: All
Severity: High
Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
Exploit type: Password Change
Reported Date: 2012-March-8
Fixed Date: 2012-March-15
Description: Insufficient randomness leads to password reset vulnerability.
Affected Installs: Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions
Solution: Upgrade to version 2.5.3
Reported by: George Argyros and Aggelos Kiayias
Contact: The JSST at the Joomla! Security Center.

[20120303] – Core – Privilege Escalation

Project: Joomla!
SubProject: All
Severity: High
Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
Exploit type: Privilege Escalation
Reported Date: 2012-March-12
Fixed Date: 2012-March-15
Description: Programming error allows privilege escalation in some cases.
Affected Installs: Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions
Solution: Upgrade to version 2.5.3
Reported by: Jeff Channel
Contact: The JSST at the Joomla! Security Center

[20120301] – Core – SQL Injection

Project: Joomla!
SubProject: All
Severity: High
Versions: 2.5.1, 2.5.0 and 1.7.0 – 1.7.5
Exploit type: SQL Injection
Reported Date: 2012-February-29
Fixed Date: 2012-March-05
Description: Inadequate escaping leads to SQL injection vulnerability.
Affected Installs: Joomla! version 2.5.1, 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution: Upgrade to version 2.5.2
Reported by: Colin Wong
Contact: The JSST at the Joomla! Security Center

[20120201] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.0 and 1.7.0 – 1.7.4
Exploit type: Information Disclosure
Reported Date: 2012-January-29
Fixed Date: 2012-February-02
Description: Inadequate validation leads to information disclosure in administrator.
Affected Installs: Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution: Upgrade to version 1.7.5 or 2.5.1 or higher
Reported by: Jakub Galczyk
Contact: The JSST at the Joomla! Security Center.

[20120202] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.4 and all earlier 1.7.x versions
Exploit type: Information Disclosure
Reported Date: 2012-January-06
Fixed Date: 2012-February-02
Description: On some servers the error log could be read by unauthorised users.

[20111103] – Core – Password Change

Project: Joomla!
SubProject: All
Severity: High
Versions: 1.5.24 and all earlier 1.5 versions
Exploit type: Password Change
Reported Date: 2011-October-28
Fixed Date: 2011-November-14
Description: Weak random number generation during password reset leads to possibility of changing a user’s password.
Affected Installs: Joomla! version 1.5.24 and all earlier 1.5 versions
Solution: Upgrade to the latest Joomla! 1.5 version (1.5.25 or later)
Reported by: David Jardin
Contact: The JSST at the Joomla! Security Center.

[20111001] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.1
Exploit type: Information Disclosure
Reported Date: 2011-September-09
Fixed Date: 2011-October-17
Description: Weak encryption causes potential information disclosure.
Affected Installs: Joomla! version 1.7.1 and earlier
Solution: Upgrade to the latest Joomla! version (1.7.2 or later)
Reported by: Jeff Channell
Contact: The JSST at the Joomla! Security Center.

[20111002] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.1
Exploit type: Information Disclosure
Reported Date: 2011-August-02
Fixed Date: 2011-October-17
Description: Inadequate error checking causes potential information disclosure.
Affected Installs: Joomla! version 1.7.1 and earlier
Solution: Upgrade to the latest Joomla! version (1.7.2 or later)
Reported by: Aung Khant, YGN Ethical Hacker Group
Contact: The JSST at the Joomla! Security Center

[20110903] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.0
Exploit type: Information Disclosure
Reported Date: 2011-September-23
Fixed Date: 2011-September-26
Description: Inadequate error checking causes information disclosure.
