Joomla! News

Responsive Template Training: Final 2 Sessions

Only the final 2 sessions remain for the training project on building templates that adapt to different screen sizes (Responsive Template) for Joomla 2.5.x, which is supported by SIPA. If you are still hesitating, you will need to hurry. The 3-day training course is reduced from 18,500 baht to just 2,000 baht per person (when registering on behalf of an organization). Besides the knowledge you will gain from real, working developers, you also have a chance to win a 1-year template membership from JoomlArt.com. Great value. Organizations that are interested in adopting Joomla, or that already use it, can apply to join the project.

  • Session 3: Wednesday 21 - Friday 23 August 2556 BE (2013 CE)
  • Session 4: Wednesday 28 - Friday 30 August 2556 BE (2013 CE)

For more details and to fill out the application form, visit http://sipa.joomlacorner.com

Joomla! JSE Event Component "info" Mini Calendar Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA54421

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/54421/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=54421

RELEASE DATE:
2013-08-13

DESCRIPTION:
Gaston Traberg has reported a vulnerability in the JSE Event
component for Joomla!, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Input passed to the "info" parameter in
modules/mod_jse_mini_calendar/tmpl/tootip.php is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.

The vulnerability is reported in versions prior to 1.0.1.

SOLUTION:
Update to version 1.0.1.

PROVIDED AND/OR DISCOVERED BY:
Gaston Traberg

ORIGINAL ADVISORY:
Joomseller:
http://joomseller.com/joomla-components/jse-event.html

Joomla! redSHOP Component "pid" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA54428

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/54428/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=54428

RELEASE DATE:
2013-08-09

DESCRIPTION:
Matias Fontanini has reported a vulnerability in the redSHOP
component for Joomla!, which can be exploited by malicious people to
conduct SQL injection attacks.

Input passed via the "pid" GET parameter to index.php (when "tmpl" is
set to "component", "option" is set to "com_redshop", "view" is set to
"product", and "task" is set to "addcompare") is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.2. Prior versions may also
be affected.

SOLUTION:
Update to version 1.3.

PROVIDED AND/OR DISCOVERED BY:
Matias Fontanini

ORIGINAL ADVISORY:
redSHOP:
http://redcomponent.com/articles/28/news/redshop-1-3-released
http://wiki.redcomponent.com/index.php?title=redSHOP:Changelog#Security_Release

Joomla! SectionEx Component Two SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA54424

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/54424/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=54424

RELEASE DATE:
2013-08-06

DESCRIPTION:
Matias Fontanini has reported two vulnerabilities in the SectionEx
component for Joomla!, which can be exploited by malicious people to
conduct SQL injection attacks.

Input passed via the "filter_order" and "filter_order_Dir" POST
parameters to index.php (when "option" is set to "com_sectionex" and
"view" is set to "category") is not properly sanitised before being
used in a SQL query. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.

The vulnerabilities are reported in versions prior to 2.5.104.

SOLUTION:
Update to version 2.5.104.

PROVIDED AND/OR DISCOVERED BY:
Matias Fontanini

ORIGINAL ADVISORY:
SectionEx:
http://stackideas.com/downloads/changelog/sectionex

Joomla! Jomres Component Script Insertion and SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA54082

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/54082/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=54082

RELEASE DATE:
2013-08-06

DESCRIPTION:
Jennifer Bornholt has discovered two vulnerabilities in the Jomres
component for Joomla!, which can be exploited by malicious users to
conduct script insertion and SQL injection attacks.

1) Input passed via the "property_name" POST parameter when editing
property details is not properly sanitised before being used. This
can be exploited to insert arbitrary HTML and script code, which will
be executed in a user's browser session in the context of an affected
site if malicious data is viewed.

2) Input passed via the "id" GET parameter to administrator/index.php
(when "option" is set to "com_jomres" and "task" is set to
"editProfile") is not properly sanitised before being used in a SQL
query. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

Successful exploitation of the vulnerabilities requires "Business
Manager" permissions.

The vulnerabilities are confirmed in version 7.3.0. Other versions
may also be affected.

SOLUTION:
Update to version 7.3.1.

PROVIDED AND/OR DISCOVERED BY:
Jennifer Bornholt via Secunia

Joomla! "lang" Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA54353

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/54353/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=54353

RELEASE DATE:
2013-08-05

DESCRIPTION:
Emilio Pinna has reported a vulnerability in Joomla!, which can be
exploited by malicious people to conduct cross-site scripting
attacks.

Input passed via the "lang" GET parameter to
/libraries/idna_convert/example.php is not properly sanitised before
being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.

The vulnerability is reported in version 3.1.5. Other versions may
also be affected.

SOLUTION:
Fixed in the git repository.

PROVIDED AND/OR DISCOVERED BY:
Emilio Pinna

ORIGINAL ADVISORY:
Joomla!:
https://github.com/joomla/joomla-cms/issues/1658

Emilio Pinna:
http://disse.cting.org/2013/08/05/joomla-core-3_1_5_reflected-xss-vulnerability/
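
Log triage for the advisories above, as an added example that is not taken from Secunia or from any of the component vendors: it flags access-log requests that reach the endpoints named in SA54421, SA54428, SA54082 and SA54353 with a parameter value outside a plain alphanumeric set. The Apache-style log format, the "plain value" pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# (advisory, path suffix, required query values, parameter), all taken from the advisories above
RULES = [
    ("SA54421", "/modules/mod_jse_mini_calendar/tmpl/tootip.php", {}, "info"),
    ("SA54428", "/index.php", {"tmpl": "component", "option": "com_redshop",
                               "view": "product", "task": "addcompare"}, "pid"),
    ("SA54082", "/administrator/index.php",
     {"option": "com_jomres", "task": "editProfile"}, "id"),
    ("SA54353", "/libraries/idna_convert/example.php", {}, "lang"),
]
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')  # assumed Apache-style request field
PLAIN = re.compile(r"[A-Za-z0-9_.-]*")  # assumption: values of this shape need no review

def match_rule(target):
    """Return (advisory, parameter, decoded value) for a request target worth reviewing, else None."""
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)  # also percent-decodes the values
    for advisory, suffix, required, param in RULES:
        if not parts.path.endswith(suffix):  # suffix match tolerates a sub-directory install
            continue
        if any(query.get(key, [None])[0] != want for key, want in required.items()):
            continue
        for value in query.get(param, []):
            if not PLAIN.fullmatch(value):
                return advisory, param, value
    return None

def triage(lines):
    """Return (line number, advisory, parameter, value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        found = REQUEST.search(line)
        hit = match_rule(found.group(1)) if found else None
        if hit:
            hits.append((number, *hit))
    return hits

SAMPLE_LOG = [  # constructed lines, not real traffic
    '192.0.2.10 - - [14/Aug/2013:10:00:01 +0700] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [14/Aug/2013:10:00:02 +0700] "GET /libraries/idna_convert/example.php?lang=%3Cb%3Ex HTTP/1.1" 200 2210',
    '192.0.2.12 - - [14/Aug/2013:10:00:03 +0700] "GET /index.php?tmpl=component&option=com_redshop&view=product&task=addcompare&pid=12 HTTP/1.1" 200 830',
    '192.0.2.13 - - [14/Aug/2013:10:00:04 +0700] "GET /index.php?tmpl=component&option=com_redshop&view=product&task=addcompare&pid=12%27 HTTP/1.1" 500 410',
    '192.0.2.14 - - [14/Aug/2013:10:00:05 +0700] "GET /shop/administrator/index.php?option=com_jomres&task=editProfile&id=7 HTTP/1.1" 200 990',
]

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

The SectionEx parameters and the Jomres "property_name" parameter arrive in POST bodies, which standard access logs do not record, so for those two advisories the installed component version is the thing to check.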
