NYCPHP Meetup

NYPHP.org

[joomla] Fwd: Joomla! Security News

Laura Gordon rytech123 at gmail.com
Tue Apr 3 08:25:48 EDT 2012 

fyi...

---------- Forwarded message ----------
From: Joomla! Developer Network - Security News <no_reply at joomla.org>
Date: Tue, Apr 3, 2012 at 8:22 AM
Subject: Joomla! Security News
To: rytech123 at gmail.com


**
   Joomla! Security News <http://developer.joomla.org/security/news.html>
 <http://fusion.google.com/add?source=atgs&feedurl=http://feeds.feedburner.com/JoomlaSecurityNews>
------------------------------

[20120307] - Core - Information
Disclosure<http://feedproxy.google.com/%7Er/JoomlaSecurityNews/%7E3/qLQFOEsKrro/398-20120307-core-information-disclosure.html?utm_source=feedburner&utm_medium=email>

Posted: 03 Apr 2012 12:21 AM PDT

   - *Project:* Joomla!
   - *SubProject:* All
   - * Severity:* Low
   - *Versions:* 2.5.3 and all earlier 2.5.x versions
   - *Exploit type:* Information Disclosure
   - *Reported Date:* 2012-January-7
   - *Fixed Date:* 2012-April-2

Description

Inadequate permission checking allows unauthorised viewing of some
administrative back end information.
Affected Installs

Joomla! versions 2.5.3 and all earlier 2.5.x versions
Solution

Upgrade to version 2.5.4

Reported by Cyrille Barthelemy
Contact

The JSST at the Joomla! Security Center.
<http://feeds.feedburner.com/%7Eff/JoomlaSecurityNews?a=qLQFOEsKrro:ExdixrJra5Q:yIl2AUoC8zA>

[20120308] - Core - XSS
Vulnerability<http://feedproxy.google.com/%7Er/JoomlaSecurityNews/%7E3/QmpconaVV9A/399-20120308-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email>

Posted: 03 Apr 2012 12:21 AM PDT

   - *Project:* Joomla!
   - *SubProject:* All
   - * Severity:* Low
   - *Versions:* 2.5.3 and all earlier 2.5.x versions
   - *Exploit type:* XSS Vulnerability
   - *Reported Date:* 2012-February-3
   - *Fixed Date:* 2012-April-2

Description

Inadequate filtering in update manager leads to XSS vulnerability.
Affected Installs

Joomla! versions 2.5.3 and all earlier 2.5.x versions
Solution

Upgrade to version 2.5.4

Reported by Alex Andreae
Contact

The JSST at the Joomla! Security Center.
<http://feeds.feedburner.com/%7Eff/JoomlaSecurityNews?a=QmpconaVV9A:_ThWyuguTUs:yIl2AUoC8zA>
   You are subscribed to email updates from Joomla! Developer Network -
Security News <http://developer.joomla.org/security/news.html>
To stop receiving these emails, you may unsubscribe
now<http://feedburner.google.com/fb/a/mailunsubscribe?k=VOn2LflPmMepisLclOaCvkcQLcA>
. Email delivery powered by Google  Google Inc., 20 West Kinzie, Chicago IL
USA 60610



-- 
I have a new email address: rytech123 at gmail.com

Trainer with www.Video2Brain.com
Board Member of www.JoomlaNYC.org
Trainer for www.JoomlaTraining.com
Sponsor & Coordinator for www.JoomlaDayNYC.com

www.RytechSites.com
Dynamic Websites for your company!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/joomla/attachments/20120403/49f6f297/attachment.html>

More information about the Joomla mailing list