Joomla
www.sektioneins.de
-= Security Advisory =-
Advisory: Joomla Weak Random Password Reset Token Vulnerability
Release Date: 2008/09/11
Last Modified: 2008/09/11
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
Application: Joomla <= 1.5.7
.OR.ID
ECHO_ADV_111$2009
-----------------------------------------------------------------------------------------
[ECHO_ADV_111$2009] Joomla Hotel Booking System Component XSS/SQL Injection Multiple Vulnerability
-----------------------------------------------------------------------------------------
Author : K-159
Date : September 11th, 2009
Location : Jakarta, Indonesia
=================================
Joomla! 1.6.0 | SQL Injection Vulnerability
=================================
1. OVERVIEW
Joomla! 1.6.0 was vulnerable to SQL Injection.
==========================================
Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability
==========================================
1. OVERVIEW
Joomla! 1.6.0 was vulnerable to Cross Site Scripting.
==============================================================================
Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability
==============================================================================
1. OVERVIEW
The Joomla! 1.0.x series are currently vulnerable to Cross Site Scripting.
- Severity: 6.8/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
Joomla! < 1.5.12 Multiple XSS vulnerabilities in HTTP Headers
II. BACKGROUND
-------------------------
Joomla! is an award-winning content management system (CMS), which
enables you to build Web sites and powerful online applications. Many
[HSC] Multiple CSRF in Joomla all versions - Complete compromise
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Armando Romeo aka Zinho
Class: CSRF
Remote: Yes
Risk: HIGH
Joomla! 1.7.0-RC and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities
1. OVERVIEW
Joomla! 1.7.0-RC and versions of 1.6.x are vulnerable to multiple
Cross Site Scripting issues.
Title:
======
Joomla com_photo - SQL Injection Vulnerability
Date:
=====
2012-07-10
########################################
#
# AmnPardaz Security Research & Penetration Testing Group
#
#
# Title: Exploit for JCE Joomla Extension (Auto Shell Uploader) V0.1 - PHP Version
# Vendor: http://www.joomlacontenteditor.net
# Vulnerable Version: JCE 2.0.10 (prior versions also may be affected)
# Exploitation: Remote with browser
# Original Advisory: http://www.bugreport.ir/index_78.htm
#2010-002 Joomla input sanitization errors (XSS)
Description:
Joomla, an open source content management system, suffers from a cross-site
scripting (XSS) vulnerability.
Insufficient input sanitization on the parameters passed to pages related to
administration settings leads to arbitrary javascript injection in the context
Title:
======
Joomla com_package - SQL Injection Vulnerability
Date:
=====
2012-07-08
#!/usr/bin/perl -w
#########################################################
# Joomla Component xsstream-dm 0.01 Beta Remote SQL Injection #
# download : http://sstreamtv.com/index.php?option=com_docman&task=doc_details&gid=24
#########################################################
########################################
#[*] Found by : Houssamix From H-T Team
#[*] H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo
- Severity: 5/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
Joomla! < 1.5.12 Multiple Full Path Disclosure vulnerabilities
II. BACKGROUND
-------------------------
Joomla! is an award-winning content management system (CMS), which
enables you to build Web sites and powerful online applications. Many
Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities
1. OVERVIEW
Joomla! 1.7.0 (stable version) is vulnerable to multiple Cross Site
Scripting issues.
Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities
1. OVERVIEW
Joomla! 1.6.3 and lower are vulnerable to multiple Cross Site Scripting issues.
2. BACKGROUND
- Severity: 6.4/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
Joomla! 1.5.10 JA_Purity Multiple Persistent XSS
II. BACKGROUND
-------------------------
Joomla! is an award-winning content management system (CMS), which
enables you to build Web sites and powerful online applications. Many
Hello JoomlaJabber!
> I believe this is now resolved.....
You confused it with the Joomla module 3D Cloud (mod_3dcloud), which I wrote
about on my site and reported to Bugtraq in January.
The 3D Cloud developers didn't answer me, so I don't know whether they fixed it or not, but
in this advisory I talked about another Joomla module. I wrote about the module
3D user cloud for Joomla (mod_democbusr3dcloud, mod_cbusr3dcloud and
1. OVERVIEW
The Joomla! web application was vulnerable to Cross Site Scripting
vulnerability.
2. PRODUCT DESCRIPTION
Joomla is a free and open source content management system (CMS) for
publishing content on the World Wide Web and intranets. It comprises a
Title:
======
Joomla com_fireboard - SQL Injection Vulnerability
Date:
=====
2012-07-11
Joomla! 1.6.0 | Information Disclosure/Full Path Disclosure Vulnerability
1. OVERVIEW
Joomla! 1.6.0 is vulnerable to Full Path Disclosure.
2. BACKGROUND
This public disclosure has achieved its aim.
Joomla! Team finally patched this hole.
http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html
Upgrade to the latest Joomla! version (1.5.22 or later).
I would hardly call that a serious issue.
On 19 Sep 2007 10:10:34 -0000, vinodsharma.mmit@gmail.com
<vinodsharma.mmit@gmail.com> wrote:
> OverView:
> There is a programming flaw in the com_media component of the Joomla content management system. The com_media component allows only image (.png, .jpeg, .gif) files to be uploaded to the server, but the flaw is that we can upload any HTML file by changing its name to something like example.html.png
>
> Affected Product: Joomla 1.0.13
>
> Proof of Concept:
>
Information
--------------------
Name : XSS vulnerability in Joomla 1.6.3.
Software : All 1.6.x installs prior to and including 1.6.3 are affected.
Vendor Homepage : http://www.joomla.org
Vulnerability Type : Cross-Site Scripting
Severity : High
Researcher : Mesut Timur <mesut [at] mavitunasecurity [dot] com>
Advisory Reference : NS-11-009
OverView:
There is a programming flaw in the com_media component of the Joomla content management system. The com_media component allows only image (.png, .jpeg, .gif) files to be uploaded to the server, but the flaw is that we can upload any HTML file by changing its name to something like example.html.png
Affected Product: Joomla 1.0.13
Proof of Concept:
Below are the steps for POC:
STEP 1: First create an HTML file with any script
used in the code of specific webapp). Use unset($_SESSION['security_code']);
in the code when you are processing the form.
This solution can be used for all affected web applications mentioned by me
in my last advisories (that have this hole). But concerning CB Captcha: while it
works in Joomla 1.0 and Mambo, it doesn't work in Joomla 1.5, because Joomla 1.5
uses another method to work with sessions, and for it another code must be
used (for clearing the session).
Best wishes & regards,
MustLive
Summary: another backdoored joomla component (yawn)
Application: Jumi, a joomla component
About Jumi:
Jumi is a set of custom code extensions for Joomla! 1.0.x and 1.5.x in
their native modes. Since 2006 it has had more than 200,000 downloads. With Jumi you
can include PHP, HTML and JavaScript scripts into module positions,
articles, category or section descriptions, or into your own custom-made
component pages.
[waraxe-2012-SA#088] - Reflected XSS in Joomla 2.5.4 admin sysinfo page
===============================================================================
Author: Janek Vind "waraxe"
Date: 03. May 2012
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-88.html
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2412
[waraxe-2012-SA#087] - Reflected XSS in Joomla 1.5.26 "ja_purity" template
===============================================================================
Author: Janek Vind "waraxe"
Date: 03. May 2012
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-87.html
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2413
Date: Jan 08, 2008
Severity: Mild
There exists a Cross Site Scripting security hole in Joomla 1.0.13.
Background
==========