04 Feb [20130202] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 3.0.2 and earlier 3.0.x versions.
Exploit type: Information disclosure
Reported Date: 2013-January-16
Fixed Date: 2013-February-4
CVE Number: CVE-2013-1455
Description: Undefined variable caused information disclosure in some situations.
Affected Installs: Joomla! version 3.0.2 and earlier 3.0.x versions

04 Feb [20130203] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 3.0.2 and earlier 3.0.x versions.
Exploit type: Information disclosure
Reported Date: 2013-January-13
Fixed Date: 2013-February-4
CVE Number: CVE-2013-1454
Description: Coding errors led to information disclosure in some situations

10 Oct [20121001] – Core – XSS Vulnerability

Project: Joomla!
SubProject: All
Severity: Low
Versions: 3.0.0
Exploit type: XSS Vulnerability
Reported Date: 2012-October-01
Fixed Date: 2012-October-09
Description: Typographical error leads to XSS vulnerability in language search component.
Affected Installs: Joomla! version 3.0.0

14 Sep [20120901] – Core – XSS Vulnerability

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.6 and all earlier 2.5.x versions
Exploit type: XSS Vulnerability
Reported Date: 2012-April-30
Fixed Date: 2012-September-13
Description: Inadequate escaping of output leads to XSS vulnerability.
Affected Installs: Joomla! versions 2.5.6 and all earlier 2.5.x versions
Solution: Upgrade to version 2.5.7
Reported by: Janek Vind and Antoine Cervoise
Contact: The JSST at the Joomla! Security Center

19 Jun [20120601] – Core – Privilege Escalation

Project: Joomla!
SubProject: All
Severity: Medium High
Versions: 2.5.4 and all earlier 2.5.x versions
Exploit type: Privilege Escalation
Reported Date: 2012-April-29
Fixed Date: 2012-June-18
Description: Inadequate checking leads to possible user privilege escalation.

19 Jun [20120602] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.4 and all earlier 2.5.x versions
Exploit type: Information Disclosure
Reported Date: 2012-May-1
Fixed Date: 2012-June-18
Description: Inadequate filtering leads to SQL error and information disclosure.
Affected Installs: Joomla! versions 2.5.4 and all earlier 2.5.x versions
Solution: Upgrade to version 2.5.5
Reported by: Jakub Galczyk
Contact: The JSST at the Joomla! Security Center.

03 Apr [20120308] – Core – XSS Vulnerability

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.3 and all earlier 2.5.x versions
Exploit type: XSS Vulnerability
Reported Date: 2012-February-3
Fixed Date: 2012-April-2
Description: Inadequate filtering in update manager leads to XSS vulnerability.

03 Apr [20120307] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.3 and all earlier 2.5.x versions
Exploit type: Information Disclosure
Reported Date: 2012-January-7
Fixed Date: 2012-April-2
Description: Inadequate permission checking allows unauthorised viewing of some administrative back end information.

28 Mar [20120306] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.5.25 and all earlier 1.5.x versions
Exploit type: Information Disclosure
Reported Date: 2012-January-7
Fixed Date: 2012-March-27
Description: Inadequate permission checking allows unauthorised viewing of administrative back end information.

16 Mar [20120304] – Core – Password Change

Project: Joomla!
SubProject: All
Severity: High
Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
Exploit type: Password Change
Reported Date: 2012-March-8
Fixed Date: 2012-March-15
Description: Insufficient randomness leads to password reset vulnerability.
Affected Installs: Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions
Solution: Upgrade to version 2.5.3
Reported by: George Argyros and Aggelos Kiayias
Contact: The JSST at the Joomla! Security Center.

15 Mar [20120303] – Core – Privilege Escalation

Project: Joomla!
SubProject: All
Severity: High
Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
Exploit type: Privilege Escalation
Reported Date: 2012-March-12
Fixed Date: 2012-March-15
Description: Programming error allows privilege escalation in some cases.
Affected Installs: Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions
Solution: Upgrade to version 2.5.3
Reported by: Jeff Channel
Contact: The JSST at the Joomla! Security Center

05 Mar [20120301] – Core – SQL Injection

Project: Joomla!
SubProject: All
Severity: High
Versions: 2.5.1, 2.5.0 and 1.7.0 – 1.7.5
Exploit type: SQL Injection
Reported Date: 2012-February-29
Fixed Date: 2012-March-05
Description: Inadequate escaping leads to SQL injection vulnerability.
Affected Installs: Joomla! version 2.5.1, 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution: Upgrade to version 2.5.2
Reported by: Colin Wong
Contact: The JSST at the Joomla! Security Center

02 Feb [20120201] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.0 and 1.7.0 – 1.7.4
Exploit type: Information Disclosure
Reported Date: 2012-January-29
Fixed Date: 2012-February-02
Description: Inadequate validation leads to information disclosure in administrator.
Affected Installs: Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution: Upgrade to version 1.7.5 or 2.5.1 or higher
Reported by: Jakub Galczyk
Contact: The JSST at the Joomla! Security Center.

02 Feb [20120202] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.4 and all earlier 1.7.x versions
Exploit type: Information Disclosure
Reported Date: 2012-January-06
Fixed Date: 2012-February-02
Description: On some servers the error log could be read by unauthorised users.

15 Nov [20111103] – Core – Password Change

Project: Joomla!
SubProject: All
Severity: High
Versions: 1.5.24 and all earlier 1.5 versions
Exploit type: Password Change
Reported Date: 2011-October-28
Fixed Date: 2011-November-14
Description: Weak random number generation during password reset leads to possibility of changing a user’s password.
Affected Installs: Joomla! version 1.5.24 and all earlier 1.5 versions
Solution: Upgrade to the latest Joomla! 1.5 version (1.5.25 or later)
Reported by: David Jardin
Contact: The JSST at the Joomla! Security Center.

17 Oct [20111001] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.1
Exploit type: Information Disclosure
Reported Date: 2011-September-09
Fixed Date: 2011-October-17
Description: Weak encryption causes potential information disclosure.
Affected Installs: Joomla! version 1.7.1 and earlier
Solution: Upgrade to the latest Joomla! version (1.7.2 or later)
Reported by: Jeff Channell
Contact: The JSST at the Joomla! Security Center.

17 Oct [20111002] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.1
Exploit type: Information Disclosure
Reported Date: 2011-August-02
Fixed Date: 2011-October-17
Description: Inadequate error checking causes potential information disclosure.
Affected Installs: Joomla! version 1.7.1 and earlier
Solution: Upgrade to the latest Joomla! version (1.7.2 or later)
Reported by: Aung Khant, YGN Ethical Hacker Group
Contact: The JSST at the Joomla! Security Center

26 Sep [20110903] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.0
Exploit type: Information Disclosure
Reported Date: 2011-September-23
Fixed Date: 2011-September-26
Description: Inadequate error checking causes information disclosure.