Joomla! News

Joomla! Movm Component "id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA50109

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50109/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50109

RELEASE DATE:
2012-08-01

DESCRIPTION:
A vulnerability has been reported in the Movm component for Joomla!,
which can be exploited by malicious people to conduct SQL injection
attacks.

Input passed via the "id" parameter to index.php (when "option" is
set to "com_movm", "controller" is set to "product", and "task" is
set to "product") is not properly sanitised before being used in SQL
queries. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

SOLUTION:
No official solution is currently available.

PROVIDED AND/OR DISCOVERED BY:
Daniel Barragan (D4NB4R)

ORIGINAL ADVISORY:
http://packetstormsecurity.org/files/115164/Joomla-Move-1.0-SQL-Injection.html
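
Since no official fix is listed, site operators may want to check their web server logs for requests to the affected route. The following is an added example, not part of the Secunia advisory or the Movm component; it assumes combined-format access logs and that a legitimate product "id" is a plain decimal integer, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Route named in the advisory: option=com_movm, controller=product, task=product.
MOVM_ROUTE = {"option": "com_movm", "controller": "product", "task": "product"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def is_suspicious_movm_request(request_target):
    """True if the target hits the Movm product route with a non-integer id."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("index.php"):
        return False
    # parse_qs percent-decodes values; keep_blank_values keeps "id=" visible.
    params = parse_qs(parts.query, keep_blank_values=True)
    for key, wanted in MOVM_ROUTE.items():
        if wanted not in [v.lower() for v in params.get(key, [])]:
            return False
    ids = params.get("id", [])
    # Assumption: a legitimate product id is a plain decimal integer.
    return any(not re.fullmatch(r"\d{1,10}", v) for v in ids)


def flag_log_lines(lines):
    """Return the access-log lines whose request matches the check above."""
    flagged = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_suspicious_movm_request(m.group(1)):
            flagged.append(line)
    return flagged


# Constructed sample log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2012:10:00:01 +0000] "GET /index.php?option=com_movm&controller=product&task=product&id=12 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Aug/2012:10:00:09 +0000] "GET /index.php?option=com_movm&controller=product&task=product&id=12%27 HTTP/1.1" 500 310',
    '192.0.2.10 - - [01/Aug/2012:10:00:15 +0000] "GET /index.php?option=com_content&id=abc HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in flag_log_lines(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule can be enforced as a blocking rule in a web application firewall or reverse proxy in front of the site until the component is fixed or removed.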

Joomla! Simple Video Flash Player Module Two Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA50016

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50016/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50016

RELEASE DATE:
2012-07-31

DESCRIPTION:
Two vulnerabilities have been discovered in the Simple Video Flash
Player for Joomla!, which can be exploited by malicious people to
conduct cross-site scripting attacks.

The vulnerabilities are caused by the module bundling a
vulnerable version of JW Player.

For more information:
SA49130

The vulnerabilities are confirmed in version 1.6.5. Other versions
may also be affected.

SOLUTION:
No official solution is currently available.

ORIGINAL ADVISORY:
MustLive:
http://websecurity.com.ua/5988/

Joomla! OS Property Component File Upload Vulnerability

SECUNIA ADVISORY ID:
SA49888

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49888/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49888

RELEASE DATE:
2012-07-16

DESCRIPTION:
A vulnerability has been reported in the OS Property Component for
Joomla!, which can be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused by the
index.php/properties-system/agent_register/ script allowing the
upload of files with arbitrary extensions to a folder inside the
webroot. This can be exploited to execute arbitrary PHP code by
uploading a malicious PHP script.

The vulnerability is reported in version 2.0. Other versions may also
be affected.

SOLUTION:
No official solution is currently available.

PROVIDED AND/OR DISCOVERED BY:
Daniel Barragan "D4NB4R"

ORIGINAL ADVISORY:
http://packetstormsecurity.org/files/114723/Joomla-OS-Property-Shell-Upload.html

Joomla! 3.0 Alpha-1 Released

The Joomla! Project team has released Joomla 3.0 Alpha 1 for download and testing. This alpha release is intended for developers to test it against their own extensions.

For more details about this release, see the Joomla developer website.


Joomla! Language Switcher Module URL Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA49678

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49678/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49678

RELEASE DATE:
2012-07-02

DESCRIPTION:
Stefan Schurtz has discovered a vulnerability in Joomla!, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Input passed via the URL to index.php is not properly sanitised in
modules/mod_languages/tmpl/default.php before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.

Successful exploitation requires the Language Switcher module to be
enabled (not enabled by default).

The vulnerability is confirmed in version 2.5.6. Other versions may
also be affected.

SOLUTION:
No official solution is currently available.

PROVIDED AND/OR DISCOVERED BY:
Stefan Schurtz

ORIGINAL ADVISORY:
http://www.darksecurity.de/advisories/2012/SSCHADV2012-014.txt

Joomla! Virtuemart Shipping by State Component Unspecified Security Bypass Vulnerability

SECUNIA ADVISORY ID:
SA49616

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49616/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49616

RELEASE DATE:
2012-06-25

DESCRIPTION:
A vulnerability has been reported in the Virtuemart Shipping by State
component for Joomla!, which can be exploited by malicious people to
bypass certain security restrictions.

An unspecified error exists related to permissions. No further
information is currently available.

SOLUTION:
Currently there is no known workaround.

PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.

ORIGINAL ADVISORY:
http://docs.joomla.org/Vulnerable_Extensions_List#Shipping_by_State_for_Virtuemart
