Joomla! Security News

---

• [20110308] - Core - CSRF Vulnerability
• [20110307] - Core - XSS Vulnerabilities
• [20110306] - Core - DOS Vulnerabilities
• [20110305] - Core - CSRF Vulnerability
• [20110304] - Core - Unauthorised Access
• [20110303] - Core - Information Disclosure
• [20110302] - Core - Redirect Vulnerabilities
• [20110301] - Core - Information Disclosure
• [20110204] - Core - XSS Vulnerabilities

[20110308] - Core - CSRF Vulnerability Posted: 04 Mar 2011 02:51 PM PST Project: Joomla! SubProject: All Severity: Low Versions: 1.6.0 Exploit type: Cross Site Request Forgery Reported Date: 2011-March-04 Fixed Date: 2011-March-07 Description Inadequate token checking leads to cross-site request forgery vulnerability. Affected Installs Joomla! version 1.6.0. Solution Upgrade to the latest Joomla! version (1.6.1 or later) Reported by Marius van Rijnsoever Contact The JSST at the Joomla! Security Center.

[20110307] - Core - XSS Vulnerabilities Posted: 04 Mar 2011 02:45 PM PST Project: Joomla! SubProject: All Severity: Moderate Versions: 1.6.0 Exploit type: XSS Reported Date: 2011-March-02 Fixed Date: 2011-March-07 Description Inadequate filtering causes XSS vulnerabilities. Affected Installs Joomla! version 1.6.0. Solution Upgrade to the latest Joomla! version (1.6.1 or later) Reported by security@joomla.org Contact The JSST at the Joomla! Security Center.

[20110306] - Core - DOS Vulnerabilities Posted: 04 Mar 2011 02:40 PM PST Project: Joomla! SubProject: All Severity: Moderate Versions: 1.6.0 Exploit type: Denial of Service Reported Date: 2011-March-01 Fixed Date: 2011-March-07 Description Editor caching can result in disk space denial of service. Affected Installs Joomla! version 1.6.0. Solution Upgrade to the latest Joomla! version (1.6.1 or later) Reported by Jeff Channell Contact The JSST at the Joomla! Security Center.

[20110305] - Core - CSRF Vulnerability Posted: 04 Mar 2011 02:35 PM PST Project: Joomla! SubProject: All Severity: Moderate Versions: 1.6.0 Exploit type: CSRF Vulnerability Reported Date: 2011-February-28 Fixed Date: 2011-March-07 Description Inadequate token checking causes cross site request forgery vulnerability. Affected Installs Joomla! version 1.6.0. Solution Upgrade to the latest Joomla! version (1.6.1 or later) Reported by Marius Van Rijnsoever Contact The JSST at the Joomla! Security Center.

[20110304] - Core - Unauthorised Access Posted: 04 Mar 2011 02:25 PM PST Project: Joomla! SubProject: All Severity: Low Versions: 1.6.0 Exploit type: Unauthorised Access Reported Date: 2011-February-25 Fixed Date: 2011-March-07 Description Inadequate control of which files can be edited by authenticated users. Affected Installs Joomla! version 1.6.0. Solution Upgrade to the latest Joomla! version (1.6.1 or later) Reported by Jeff Channell Contact The JSST at the Joomla! Security Center.

[20110303] - Core - Information Disclosure Posted: 04 Mar 2011 02:20 PM PST Project: Joomla! SubProject: All Severity: Moderate Versions: 1.6.0 Exploit type: Information Disclosure Reported Date: 2011-February-22 Fixed Date: 2011-March-07 Description Inadequate filtering causes information disclosure. Affected Installs Joomla! version 1.6.0. Solution Upgrade to the latest Joomla! version (1.6.1 or later) Reported by Jeff Channell Contact The JSST at the Joomla! Security Center.

[20110302] - Core - Redirect Vulnerabilities Posted: 04 Mar 2011 02:16 PM PST Project: Joomla! SubProject: All Severity: Moderate Versions: 1.6.0 Exploit type: Redirect Vulnerabilities Reported Date: 2011-February-22 Fixed Date: 2011-March-07 Description Inadequate checking of redirect URL's. Affected Installs Joomla! version 1.6.0. Solution Upgrade to the latest Joomla! version (1.6.1 or later) Reported by Jeff Channell Contact The JSST at the Joomla! Security Center.

[20110301] - Core - Information Disclosure Posted: 04 Mar 2011 02:12 PM PST Project: Joomla! SubProject: All Severity: Moderate Versions: 1.6.0 Exploit type: Information Disclosure Reported Date: 2011-February-22 Fixed Date: 2011-March-07 Description Inadequate access checking leads to information disclosure. Affected Installs Joomla! version 1.6.0. Solution Upgrade to the latest Joomla! version (1.6.1 or later) Reported by Jeff Channell Contact The JSST at the Joomla! Security Center.

[20110204] - Core - XSS Vulnerabilities Posted: 22 Feb 2011 08:56 PM PST Project: Joomla! SubProject: All Severity: Moderate Versions: 1.6.0 Exploit type: Information Disclosure Reported Date: 2011-January-17 Fixed Date: 2011-March-07 Description Inadequate filtering causes XSS vulnerabilities. Affected Installs Joomla! version 1.6.0. Solution Upgrade to the latest Joomla! version (1.6.1 or later) Reported by Jeff Channell Contact The JSST at the Joomla! Security Center.