a:4:{s:5:"child";a:1:{s:0:"";a:1:{s:3:"rss";a:1:{i:0;a:6:{s:4:"data";s:3:" ";s:7:"attribs";a:1:{s:0:"";a:1:{s:7:"version";s:3:"2.0";}}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";s:5:"child";a:1:{s:0:"";a:1:{s:7:"channel";a:1:{i:0;a:6:{s:4:"data";s:68:" ";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";s:5:"child";a:3:{s:0:"";a:7:{s:5:"title";a:1:{i:0;a:5:{s:4:"data";s:41:"Joomla! Developer Network - Security News";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:11:"description";a:1:{i:0;a:5:{s:4:"data";s:65:"Joomla! - the dynamic portal engine and content management system";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"link";a:1:{i:0;a:5:{s:4:"data";s:46:"http://developer.joomla.org/security/news.html";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:13:"lastBuildDate";a:1:{i:0;a:5:{s:4:"data";s:31:"Thu, 07 Mar 2013 14:31:02 +0000";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:9:"generator";a:1:{i:0;a:5:{s:4:"data";s:40:"Joomla! - Open Source Content Management";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:8:"language";a:1:{i:0;a:5:{s:4:"data";s:5:"en-gb";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"item";a:15:{i:0;a:6:{s:4:"data";s:31:" ";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";s:5:"child";a:2:{s:0:"";a:7:{s:5:"title";a:1:{i:0;a:5:{s:4:"data";s:43:"[20130202] - Core - Information Disclosure ";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"link";a:1:{i:0;a:5:{s:4:"data";s:106:"http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/IYFwciTAAp8/549-20130202-core-information-disclosure.html";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"guid";a:1:{i:0;a:5:{s:4:"data";s:87:"http://developer.joomla.org/security/news/549-20130202-core-information-disclosure.html";s:7:"attribs";a:1:{s:0:"";a:1:{s:11:"isPermaLink";s:5:"false";}}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:11:"description";a:1:{i:0;a:5:{s:4:"data";s:1140:"

Project: Joomla!
SubProject: All
Severity: Low
Versions: 3.0.2 and earlier 3.0.x versions.
Exploit type: Information disclosure
Reported Date: 2013-January-16
Fixed Date: 2013-February-4
CVE Number: CVE-2013-1455

Description

Undefined variable caused information disclosure in some situations.

Affected Installs

Joomla! version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 3.0.3.

Reported by Mark Dexter

Contact

The JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: Low
Versions: 3.0.2 and earlier 3.0.x versions.
Exploit type: Information disclosure
Reported Date: 2013-January-13
Fixed Date: 2013-February-4
CVE Number: CVE-2013-1454

Description

Coding errors led to information disclosure in some situations.

Affected Installs

Joomla! version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 3.0.3.

Reported by Stergios Kolios

Contact

The JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: Low
Versions: 3.0.2 and earlier 3.0.x versions; version 2.5.8 and earlier 2.5.x versions.
Exploit type: Information disclosure
Reported Date: 2012-October-31
Fixed Date: 2013-February-4
CVE Number: CVE-2013-1453

Description

Method of encoding search terms led to possible information disclosure.

Affected Installs

Joomla! version 3.0.2 and earlier 3.0.x versions; version 2.5.8 and earlier 2.5.x versions.

Solution

Upgrade to version 3.0.3 or 2.5.9.

Reported by Egidio Romano

Contact

The JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: Low
Versions: 3.0.0
Exploit type: XSS Vulnerability
Reported Date: 2012-October-01
Fixed Date: 2012-October-09

Description

Typographical error leads to XSS vulnerability in language search component.

Affected Installs

Joomla! version 3.0.0.

Solution

Upgrade to version 3.0.1

Reported by Jeff Channell

Contact

The JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 3.0.1 and 3.0.0.
Exploit type: Clickjacking vulnerability
Reported Date: 2012-October-15
Fixed Date: 2012-November-08
CVE Number: CVE-2012-5827

Description

Inadequate protection leads to clickjacking vulnerability.

Affected Installs

Joomla! version 3.0.1 and 3.0.0.

Solution

Upgrade to version 3.0.2

Reported by Ajay Singh Negi

Contact

The JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 2.5.7 and all earlier 2.5.x versions
Exploit type: Clickjacking vulnerability
Reported Date: 2012-October-15
Fixed Date: 2012-November-08
CVE Number: CVE-2012-5827

Description

Inadequate protection leads to clickjacking vulnerability.

Affected Installs

Joomla! version 2.5.7 and all earlier 2.5.x versions.

Solution

Upgrade to version 2.5.8

Reported by Ajay Singh Negi

Contact

The JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.6 and all earlier 2.5.x versions
Exploit type: XSS Vulnerability
Reported Date: 2012-July-2
Fixed Date: 2012-September-13

Description

Inadequate escaping of output leads to XSS vulnerability in language switcher module.

Affected Installs

Joomla! versions 2.5.6 and all earlier 2.5.x versions

Solution

Upgrade to version 2.5.7

Reported by S. Schurtz

Contact

The JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.6 and all earlier 2.5.x versions
Exploit type: XSS Vulnerability
Reported Date: 2012-April-30
Fixed Date: 2012-September-13

Description

Inadequate escaping of output leads to XSS vulnerability.

Affected Installs

Joomla! versions 2.5.6 and all earlier 2.5.x versions

Solution

Upgrade to version 2.5.7

Reported by Janek Vind and Antoine Cervoise

Contact

The JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: Medium High
Versions: 2.5.4 and all earlier 2.5.x versions
Exploit type: Privilege Escalation
Reported Date: 2012-April-29
Fixed Date: 2012-June-18

Description

Inadequate checking leads to possible user privilege escalation.

Affected Installs

Joomla! versions 2.5.4 and all earlier 2.5.x versions

Solution

Upgrade to version 2.5.5

Reported by Nils Rückmann

Contact

The JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.4 and all earlier 2.5.x versions
Exploit type: Information Disclosure
Reported Date: 2012-May-1
Fixed Date: 2012-June-18

Description

Inadequate filtering leads SQL error and information disclosure.

Affected Installs

Joomla! versions 2.5.4 and all earlier 2.5.x versions

Solution

Upgrade to version 2.5.5

Reported by Jakub Galczyk

Contact

The JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.3 and all earlier 2.5.x versions
Exploit type: Information Disclosure
Reported Date: 2012-January-7
Fixed Date: 2012-April-2

Description

Inadequate permission checking allows unauthorised viewing of some administrative back end information.

Affected Installs

Joomla! versions 2.5.3 and all earlier 2.5.x versions

Solution

Upgrade to version 2.5.4

Reported by Cyrille Barthelemy

Contact

The JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.3 and all earlier 2.5.x versions
Exploit type: XSS Vulnerability
Reported Date: 2012-February-3
Fixed Date: 2012-April-2

Description

Inadequate filtering in update manager leads to XSS vulnerability.

Affected Installs

Joomla! versions 2.5.3 and all earlier 2.5.x versions

Solution

Upgrade to version 2.5.4

Reported by Alex Andreae

Contact

The JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: High
Versions: 1.5.25 and all earlier 1.5.x versions
Exploit type: Password Change
Reported Date: 2012-March-8
Fixed Date: 2012-March-27

Description

Insufficient randomness leads to password reset vulnerability.

Affected Installs

Joomla! versions 1.5.25 and all earlier 1.5.x versions

Solution

Upgrade to version 1.5.26

Reported by George Argyros and Aggelos Kiayias

Contact

The JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.5.25 and all earlier 1.5.x versions
Exploit type: Information Disclosure
Reported Date: 2012-January-7
Fixed Date: 2012-March-27

Description

Inadequate permission checking allows unauthorised viewing of administrative back end information.

Affected Installs

Joomla! versions 1.5.25 and all earlier 1.5.x versions

Solution

Upgrade to version 1.5.26

Reported by Cyrille Barthelemy

Contact

The JSST at the Joomla! Security Center.

Project: Joomla!
SubProject: All
Severity: High
Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
Exploit type: Password Change
Reported Date: 2012-March-8
Fixed Date: 2012-March-15

Description

Insufficient randomness leads to password reset vulnerability.

Affected Installs

Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions

Solution

Upgrade to version 2.5.3

Reported by George Argyros and Aggelos Kiayias

Contact

The JSST at the Joomla! Security Center.

";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:6:"author";a:1:{i:0;a:5:{s:4:"data";s:36:"dextercowley@gmail.com (Mark Dexter)";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:8:"category";a:1:{i:0;a:5:{s:4:"data";s:13:"Core Security";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:7:"pubDate";a:1:{i:0;a:5:{s:4:"data";s:31:"Fri, 16 Mar 2012 07:21:02 +0000";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}}s:42:"http://rssnamespace.org/feedburner/ext/1.0";a:1:{s:8:"origLink";a:1:{i:0;a:5:{s:4:"data";s:80:"http://developer.joomla.org/security/news/394-20120304-core-password-change.html";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}}}}}}s:27:"http://www.w3.org/2005/Atom";a:1:{s:4:"link";a:2:{i:0;a:5:{s:4:"data";s:0:"";s:7:"attribs";a:1:{s:0:"";a:3:{s:3:"rel";s:4:"self";s:4:"type";s:19:"application/rss+xml";s:4:"href";s:42:"http://feeds.joomla.org/JoomlaSecurityNews";}}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}i:1;a:5:{s:4:"data";s:0:"";s:7:"attribs";a:1:{s:0:"";a:2:{s:3:"rel";s:3:"hub";s:4:"href";s:32:"http://pubsubhubbub.appspot.com/";}}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}}s:42:"http://rssnamespace.org/feedburner/ext/1.0";a:3:{s:4:"info";a:1:{i:0;a:5:{s:4:"data";s:0:"";s:7:"attribs";a:1:{s:0:"";a:1:{s:3:"uri";s:18:"joomlasecuritynews";}}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:14:"emailServiceId";a:1:{i:0;a:5:{s:4:"data";s:18:"JoomlaSecurityNews";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:18:"feedburnerHostname";a:1:{i:0;a:5:{s:4:"data";s:28:"http://feedburner.google.com";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}}}}}}}}}}}s:4:"type";i:128;s:7:"headers";a:11:{s:12:"content-type";s:23:"text/xml; charset=UTF-8";s:4:"etag";s:27:"vASUJ6k//YtuwJnIlOnGLB9NtGg";s:13:"last-modified";s:29:"Thu, 07 Mar 2013 14:31:02 GMT";s:16:"content-encoding";s:4:"gzip";s:17:"transfer-encoding";s:7:"chunked";s:4:"date";s:29:"Thu, 07 Mar 2013 14:35:18 GMT";s:7:"expires";s:29:"Thu, 07 Mar 2013 14:35:18 GMT";s:13:"cache-control";s:18:"private, max-age=0";s:22:"x-content-type-options";s:7:"nosniff";s:16:"x-xss-protection";s:13:"1; mode=block";s:6:"server";s:3:"GSE";}s:5:"build";s:14:"20090627192103";}