SECUNIA ADVISORY ID:
SA37262
VERIFY ADVISORY:
http://secunia.com/advisories/37262/
DESCRIPTION:
Some security issues have been reported in Joomla!, which can be
exploited by malicious people to disclose version information and by
malicious users to manipulate certain data.
1) An error in the handling of XML files can be exploited to view
version information installed modules.
2) An unspecified error in the application can be exploited to
replace front page articles of another user.
The security issues are reported in versions prior to 1.5.15.
SOLUTION:
Update to version 1.5.15.
Restrict access to XML files (e.g. via an ".htaccess" file).
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits WHK and Gergo Erdosi.
2) The vendor credits Hannes Papenberg.
ORIGINAL ADVISORY:
1)
http://developer.joomla.org/security/news/306-20091103-core-xml-file-read-issue.html
2)
http://developer.joomla.org/security/news/305-20091103-core-front-end-editor-issue-.html