Bug 278816 - <www-apps/joomla-1.5.13: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High trivial
Assignee: Gentoo Security
Whiteboard: ~4 [noglsa]
Reported: 2009-07-23 09:33 UTC by Christian Faulhammer (RETIRED)
Modified: 2009-07-31 15:57 UTC
Description Christian Faulhammer (RETIRED) gentoo-dev 2009-07-23 09:33:46 UTC
Description

Tiny browser included with TinyMCE 3.0 editor allowed files to be uploaded and removed without logging in.
Affected Installs

Version 1.5.12 only
Solution

Upgrade to latest Joomla! version (1.5.13 or newer).

Reported by Patrice Lazareff.


Description
Some files were missing the check for JEXEC.  These scripts will then expose internal path information of the host.
Affected Installs
All 1.5.x installs prior to and including 1.5.12 are affected.
Solution
Upgrade to latest Joomla! version (1.5.13 or newer).
Reported by Juan Galiana Lara (Internet Security Auditors)
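
An audit for the second issue above (scripts missing the JEXEC check), added here as an example and not taken from the bug report or from Joomla: it flags PHP files whose first statement is not the guard, since anything executed before the guard can still fail and reveal the install path. The guard forms matched, the function names and the sample tree are assumptions.

```python
import re
from pathlib import Path

# Assumption: the guard is Joomla 1.5's usual "defined('_JEXEC') or die(...)"
# (or the equivalent if-form) and must be the first statement in the file.
_CHECK = r"defined\s*\(\s*['\"]_JEXEC['\"]\s*\)"
GUARD = re.compile(
    rf"(?:{_CHECK}\s*(?:or|\|\|)\s*|if\s*\(\s*!\s*{_CHECK}\s*\)\s*\{{?\s*)(?:die|exit)\b", re.I)
# Entry points (index.php) define the constant instead of checking it.
DEFINES = re.compile(r"\bdefine\s*\(\s*['\"]_JEXEC['\"]", re.IGNORECASE)
# Whitespace and comments that may precede the first statement.
SKIP = re.compile(r"(?:\s|/\*.*?\*/|//[^\n]*|#[^\n]*)*", re.DOTALL)
OPEN_TAG = re.compile(r"<\?php\b", re.IGNORECASE)


def has_leading_guard(source):
    """True if the first PHP statement is the _JEXEC guard (or there is no PHP)."""
    tag = OPEN_TAG.search(source)
    if tag is None:
        return True
    first_stmt = SKIP.match(source, tag.end()).end()
    return GUARD.match(source, first_stmt) is not None


def audit(files):
    """files: {relative path: PHP source}. Returns paths lacking the guard."""
    return sorted(
        path for path, src in files.items()
        if not DEFINES.search(src) and not has_leading_guard(src)
    )


def load_tree(root):
    """Read every .php file under root into the mapping audit() expects."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p.read_text(errors="replace")
            for p in root.rglob("*.php")}


# Constructed sample tree (hypothetical paths), not files from a Joomla release.
SAMPLE = {
    "index.php": "<?php\ndefine('_JEXEC', 1);\nrequire 'includes/framework.php';\n",
    "components/com_a/a.php":
        "<?php\n/** @package a */\n// no direct access\n"
        "defined( '_JEXEC' ) or die( 'Restricted access' );\n",
    "components/com_a/helper.php": "<?php\nclass AHelper extends JObject {}\n",
    "modules/mod_b/mod_b.php":
        "<?php\nrequire_once dirname(__FILE__).'/h.php';\ndefined('_JEXEC') or die;\n",
}
```

`audit(SAMPLE)` reports the helper with no guard and the module whose guard comes after a `require_once`; `audit(load_tree(path))` runs the same check over an installed tree.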
Comment 1 Christian Faulhammer (RETIRED) gentoo-dev 2009-07-23 09:41:08 UTC
ebuild in the tree, package hard masked
Comment 2 Tobias Heinlein (RETIRED) gentoo-dev 2009-07-31 15:57:02 UTC
Thanks, Christian.