Thanks Donna, I missed this totally in my avalanche of work and deadlines. -- Mitch
On Thu, Jul 23, 2009 at 8:38 AM, Donna Marie Vincent <donnamarievinc...@yahoo.com> wrote:
> Joomla! Security News
>
> ________________________________
>
> [20090722] - Core - Missing JEXEC Check
>
> Posted: 22 Jul 2009 04:36 PM PDT
>
> Project: Joomla!
> SubProject: Framework
> Severity: Moderate
> Versions: 1.5.12 and all previous 1.5 releases
> Exploit type: XSS
> Reported Date: 2009-July-21
> Fixed Date: 2009-July-22
>
> Description
>
> Some files were missing the check for JEXEC. These scripts will then expose
> internal path information of the host.
>
> Affected Installs
>
> All 1.5.x installs prior to and including 1.5.12 are affected.
>
> Solution
>
> Upgrade to latest Joomla! version (1.5.13 or newer).
>
> Reported by Juan Galiana Lara (Internet Security Auditors)
>
> Contact
>
> The JSST at the Joomla! Security Center.
>
> [20090722] - Core - File Upload
>
> Posted: 22 Jul 2009 04:17 PM PDT
>
> Project: Joomla!
> SubProject: TinyMCE editor
> Severity: Critical
> Versions: 1.5.12
> Exploit type: Image File upload
> Reported Date: 2009-July-22
> Fixed Date: 2009-July-22
>
> Description
>
> Tiny browser included with TinyMCE 3.0 editor allowed files to be uploaded
> and removed without logging in.
>
> Affected Installs
>
> Version 1.5.12 only
>
> Solution
>
> Upgrade to latest Joomla! version (1.5.13 or newer).
>
> Reported by Patrice Lazareff.
>
> Contact
>
> The JSST at the Joomla! Security Center.
>
> You are subscribed to email updates from Joomla! Developer - Vulnerability
> News
> _______________________________________________
> New York PHP SIG: Joomla! Mailing List
> http://lists.nyphp.org/mailman/listinfo/joomla
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
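
For the first advisory quoted above (missing JEXEC check), an audit sketch that lists PHP files whose first statement is not the direct-access guard. This is an added example, not part of the original email or of Joomla!'s code. Assumptions: the guard is written against the `_JEXEC` constant (or `JPATH_BASE`), and the sample files and paths are constructed.

```python
import os, re, tempfile

# Guard expected as the first statement: defined('_JEXEC') or die(...);
# JPATH_BASE is accepted too (assumption: the form used by library files).
GUARD = re.compile(
    r"""defined\s*\(\s*['"](?:_JEXEC|JPATH_BASE)['"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b""",
    re.I)
ENTRY = re.compile(r"""define\s*\(\s*['"]_JEXEC['"]""", re.I)  # entry points define it
LEADING = re.compile(r"\s*(?:/\*.*?\*/|//[^\n]*|#[^\n]*)", re.S)

SAMPLES = {  # constructed files under hypothetical paths, not taken from Joomla!
    "index.php": "<?php\ndefine( '_JEXEC', 1 );\nrequire_once 'boot.php';\n",
    "components/com_demo/ok.php": "<?php\n/**\n * @package Demo\n */\n// no direct access\ndefined( '_JEXEC' ) or die( 'Restricted access' );\n",
    "components/com_demo/raw.php": "<?php\nrequire_once( JPATH_COMPONENT.DS.'controller.php' );\n",
    "components/com_demo/late.php": "<?php\nrequire_once( dirname(__FILE__).DS.'helper.php' );\ndefined('_JEXEC') or die('Restricted access');\n",
}

def classify(source):
    """Return 'guarded', 'entry-point', 'unguarded' or 'no-code' for PHP source."""
    tag = re.search(r"<\?(?:php)?", source, re.I)
    rest = source[tag.end():] if tag else ""
    while (c := LEADING.match(rest)):  # skip comments before the first statement
        rest = rest[c.end():]
    if not rest.strip():
        return "no-code"
    if GUARD.match(rest.lstrip()):
        return "guarded"
    return "entry-point" if ENTRY.search(source) else "unguarded"

def scan(root):
    """Return sorted relative paths of .php files whose first statement is not the guard."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(".php")):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                if classify(fh.read()) == "unguarded":
                    found.append(os.path.relpath(path, root))
    return sorted(found)

def demo():
    """Write SAMPLES into a temporary tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, src in SAMPLES.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(src)
        return scan(root)
```

Run `scan()` against a site's document root; a file reported here still needs manual review, since guards written in other forms are not recognised.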