SECUNIA ADVISORY ID:
SA51636

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51636/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51636

RELEASE DATE:
2012-12-27
DESCRIPTION:
A vulnerability has been reported in eXtplorer, which can be
exploited by malicious people to bypass certain security
restrictions.

An error within the "ext_find_user()" function in users.php can be
exploited to bypass the authentication mechanism and login as an
arbitrary user.

The vulnerability is reported in versions 2.1.2, 2.1.1, and 2.1.0.
Other versions may also be affected.

SOLUTION:
Update to version 2.1.3.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Brendan Coles, itsecuritysolutions.org.

ORIGINAL ADVISORY:
http://extplorer.net/news/12
 

Joomla Platform ออกเวอร์ชั่น 12.3 ("Curiosity") แล้วครับ หลังจากที่ได้ออก 11.3 ไปซะนาน (อ่านรายละเอียดของการออก รุ่น 11.3 ที่ผ่านมาได้ที่นี่) โดยรุ่นนี้ ได้ออกมาเมื่อวันที่ 20 ธันวาคม ที่ผ่านมานี่เอง ซึ่งเวอร์ชั่นนี้ ได้ทำการแก้ไขจุดบกพร่อง และเพิ่มเติมความสามารถมาอีกหลากหลาย

มีอะไรใหม่บ้างใน Joomla Platform versions 12.3 ("Curiosity")

• Platform manual converted from DocBook to Markdown to improve readability and enhance contribution.
• Extensive additions to the platform documentation.
• Easier query construction with JDatabaseQuery::format
• Support for composite keys in JTable
• Improvements to the JGitHub API
• Improvements to JLog around excluding categories and features for syslog
• Improved Windows support for testing and building
• PHPMailer updated to 5.2.2

SECUNIA ADVISORY ID:
SA51635

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51635/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51635

RELEASE DATE:
2012-12-21
DESCRIPTION:
A vulnerability with an unknown impact has been reported in the
Virtuemart 2 Multiple Customfields Filter module for Joomla!

The vulnerability is caused due to an unspecified error. No further
information is currently available.

The vulnerability is reported in versions prior to 1.6.6.

SOLUTION:
Update to version 1.6.6.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://myext.eu/en/update/47-v1-66
 

SECUNIA ADVISORY ID:
SA51512

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51512/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51512

RELEASE DATE:
2012-12-11
DESCRIPTION:
Two vulnerabilities have been reported in the JooProperty component
for Joomla!, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.

1) Input passed to the "product_id" parameter in index.php (when
"option" is set to "com_jooproperty", "view" is set to "booking", and
"layout" is set to "modal") is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.

2) Input passed via the "product_id" parameter to index.php (when
"option" is set to "com_jooproperty", "view" is set to "booking", and
"layout" is set to "modal") is not properly sanitised before being
used in a SQL query. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.

The vulnerabilities are reported in version 1.13.0. Other versions
may also be affected.

SOLUTION:
No official solution is currently available.

PROVIDED AND/OR DISCOVERED BY:
Daniel Barragan "D4NB4R"

ORIGINAL ADVISORY:
http://packetstormsecurity.org/files/118741/Joomla-Jooproperty-SQL-Injection-Cross-Site-Scripting.html
 

SECUNIA ADVISORY ID:
SA51376

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51376/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51376

RELEASE DATE:
2012-11-27
DESCRIPTION:
A vulnerability with an unknown impact has been reported in the
sh404SEF component for Joomla!.

The vulnerability is caused due to an unspecified error. No further
information is currently available.

The vulnerability is reported in versions 3.4.x, 3.5.x, and 3.6.x.

SOLUTION:
Update to version 3.7.0 (build 1485).

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://anything-digital.com/sh404sef/news/releases/sh404sef-3_7_0_1485-released.html
 

SECUNIA ADVISORY ID:
SA51333

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51333/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51333

RELEASE DATE:
2012-11-19
DESCRIPTION:
A vulnerability has been reported in the jNews component for Joomla!,
which can be exploited by malicious people to compromise a vulnerable
system.

The vulnerability is caused due to the application bundling a
vulnerable version of Open Flash Chart.

This might be related to:
SA37903

The vulnerability is reported in versions prior to 7.9.1.

SOLUTION:
Update to version 7.9.1.

ORIGINAL ADVISORY:
http://www.joobi.co/index.php?option=com_content&view=article&id=8560
http://docs.joomla.org/Vulnerable_Extensions_List#jNews