Joomla! News

Joomla! RSGallery2 Component Script Insertion and SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA50119

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50119/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50119

RELEASE DATE:
2012-08-01

DESCRIPTION:
Two vulnerabilities have been reported in the RSGallery2 component
for Joomla!, which can be exploited by malicious users to conduct
script insertion attacks and by malicious people to conduct SQL
injection attacks.

1) Certain unspecified input is not properly sanitised before being
used in SQL queries. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.

2) Certain unspecified input is not properly sanitised before being
used. This can be exploited to insert arbitrary HTML and script code,
which will be executed in a user's browser session in context of an
affected site when the malicious data is being viewed.

The vulnerabilities are reported in versions prior to 3.2.0.

SOLUTION:
Update to version 3.2.0.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Stergios Kolios.

ORIGINAL ADVISORY:
http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html

Joomla! Movm Component "id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA50109

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50109/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50109

RELEASE DATE:
2012-08-01

DESCRIPTION:
A vulnerability has been reported in the Movm component for Joomla!,
which can be exploited by malicious people to conduct SQL injection
attacks.

Input passed via the "id" parameter to index.php (when "option" is
set to "com_movm", "controller" is set to "product", and "task" is
set to "product") is not properly sanitised before being used in SQL
queries. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.
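The request shape above (option=com_movm, controller=product, task=product, numeric id) is specific enough to watch for in web server access logs. The following detector is an added example written for this page, not code from Secunia or the Movm component; it assumes Apache combined log format, and the log lines are constructed samples.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache combined log format (not real traffic).
# Lines 2 and 3 carry a non-numeric "id" on the com_movm product route;
# line 4 carries a similar value but on a different component, so the
# route-specific rule below leaves it alone.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Aug/2012:10:00:01 +0000] "GET /index.php?option=com_movm&controller=product&task=product&id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Aug/2012:10:00:02 +0000] "GET /index.php?option=com_movm&controller=product&task=product&id=12%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Aug/2012:10:00:03 +0000] "GET /index.php?option=com_movm&controller=product&task=product&id=12+AND+1%3D1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Aug/2012:10:00:04 +0000] "GET /index.php?option=com_content&view=article&id=12%27 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def is_movm_product_request(query):
    """True when the parsed query string selects the route named in the advisory."""
    return (query.get("option") == ["com_movm"]
            and query.get("controller") == ["product"]
            and query.get("task") == ["product"])


def flag_movm_id_probes(log_text):
    """Return one finding per request on the com_movm product route whose
    "id" is anything other than a plain ASCII integer (the only value the
    component legitimately expects)."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/index.php"):
            continue
        # parse_qs percent-decodes values, so %27 and + are compared decoded.
        query = parse_qs(parts.query, keep_blank_values=True)
        if not is_movm_product_request(query):
            continue
        for value in query.get("id", []):
            if not (value.isascii() and value.isdigit()):
                findings.append({"ip": m.group("ip"), "ts": m.group("ts"),
                                 "id": value, "status": int(m.group("status"))})
    return findings


if __name__ == "__main__":
    for f in flag_movm_id_probes(SAMPLE_LOG):
        print(f)
```

Matching on the full route rather than on "id" alone keeps the rule from firing on every Joomla component that takes an id, while the status code in each finding helps separate failed probes from requests the component accepted.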

SOLUTION:
No official solution is currently available.

PROVIDED AND/OR DISCOVERED BY:
Daniel Barragan (D4NB4R)

ORIGINAL ADVISORY:
http://packetstormsecurity.org/files/115164/Joomla-Move-1.0-SQL-Injection.html

Joomla! Simple Video Flash Player Module Two Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA50016

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50016/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50016

RELEASE DATE:
2012-07-31

DESCRIPTION:
Two vulnerabilities have been discovered in the Simple Video Flash
Player for Joomla!, which can be exploited by malicious people to
conduct cross-site scripting attacks.

The vulnerabilities are caused due to the module bundling a
vulnerable version of JW Player.

For more information:
SA49130

The vulnerabilities are confirmed in version 1.6.5. Other versions
may also be affected.

SOLUTION:
No official solution is currently available.

ORIGINAL ADVISORY:
MustLive:
http://websecurity.com.ua/5988/

Joomla! OS Property Component File Upload Vulnerability

SECUNIA ADVISORY ID:
SA49888

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49888/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49888

RELEASE DATE:
2012-07-16

DESCRIPTION:
A vulnerability has been reported in the OS Property Component for
Joomla!, which can be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused due to the
index.php/properties-system/agent_register/ script allowing the
upload of files with arbitrary extensions to a folder inside the
webroot. This can be exploited to execute arbitrary PHP code by
uploading a malicious PHP script.

The vulnerability is reported in version 2.0. Other versions may also
be affected.

SOLUTION:
No official solution is currently available.

PROVIDED AND/OR DISCOVERED BY:
Daniel Barragan "D4NB4R"

ORIGINAL ADVISORY:
http://packetstormsecurity.org/files/114723/Joomla-OS-Property-Shell-Upload.html

Joomla! 3.0 Alpha-1 is out

Joomla 3.0 Alpha 1. The Joomla! Project team has released Joomla 3.0 Alpha 1 for download and testing. This alpha release has been made available so that developers can test it against their own extensions.

If you want the details of this release, you can read more on the Joomla developer website.

Joomla! Language Switcher Module URL Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA49678

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49678/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49678

RELEASE DATE:
2012-07-02

DESCRIPTION:
Stefan Schurtz has discovered a vulnerability in Joomla!, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Input passed via the URL to index.php is not properly sanitised in
modules/mod_languages/tmpl/default.php before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.

Successful exploitation requires the Language Switcher module to be
enabled (not enabled by default).

The vulnerability is confirmed in version 2.5.6. Other versions may
also be affected.

SOLUTION:
No official solution is currently available.

PROVIDED AND/OR DISCOVERED BY:
Stefan Schurtz

ORIGINAL ADVISORY:
http://www.darksecurity.de/advisories/2012/SSCHADV2012-014.txt