SECUNIA ADVISORY ID:
SA46459

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46459/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46459

RELEASE DATE:
2011-10-22
DESCRIPTION:
Two vulnerabilities have been reported in multiple NoNumber
extensions for Joomla!, which can be exploited by malicious people to
disclose sensitive information and compromise a vulnerable system.

1) Input passed via the "file" parameter to index.php (when "nn_qp"
is set) is not properly verified before being used to include files.
This can be exploited to include arbitrary files from local resources
via directory traversal sequences and URL-encoded NULL bytes.

2) Input passed via the "url_options[]" POST parameter to index.php
(when "nn_qp" and "url" are set) is not properly sanitised before
being passed to the "curl_setopt_array()" function. This can be
exploited to create cookie files with arbitrary PHP content in the
webroot.

The vulnerabilities are reported in the following extensions and
versions:
* Add to Menu, versions prior to 1.8.1.
* AdminBar Docker, versions prior to 1.6.1.
* Advanced Module Manager, versions prior to 2.2.3.
* Articles Anywhere, versions prior to 1.13.1.
* Better Preview, versions prior to 1.10.1.
* Cache Cleaner, versions prior to 1.11.1.
* CDN, versions prior to 1.6.1.
* Content Templater, versions prior to 1.14.1.
* CustoMenu, versions prior to 2.8.1.
* DB Replacer, versions prior to 1.3.2.
* Modalizer, versions prior to 3.6.1.
* Modules Anywhere, versions prior to 1.13.1.
* NoNumber! Extension Manager, versions prior to 2.6.2.
* ReReplacer, versions prior to 2.17.2.
* Slider, versions prior to 1.7.1.
* Snippets, versions prior to 1.2.1.
* Sourcerer, versions prior to 2.11.1.
* Tabber, versions prior to 1.7.1.
* Timed Styles, versions prior to 1.4.1.
* Tooltips, versions prior to 1.1.1.
* What? Nothing!, versions prior to 6.2.1.

SOLUTION:
Update to the respective latest version.

PROVIDED AND/OR DISCOVERED BY:
jdc

ORIGINAL ADVISORY:
NoNumber:
http://feeds.feedburner.com/nonumber/news

Joomla!:
http://docs.joomla.org/Vulnerable_Extensions_List#NoNumber_Framework
 

SECUNIA ADVISORY ID:
SA46421

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46421/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46421

RELEASE DATE:
2011-10-18
DESCRIPTION:
Two vulnerabilities have been reported in Joomla!, which can be
exploited by malicious people to disclose potentially sensitive
information.

1) An error due to weak encryption can be exploited to disclose
potentially sensitive information.

This vulnerability is reported in versions prior to 1.5.24 and prior
to 1.7.2.

2) Insufficient error checking can be exploited to disclose
potentially sensitive information.

This vulnerability is reported in versions prior to 1.7.2.

SOLUTION:
Update to version 1.5.24 or 1.7.2.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Jeff Channell
2) Aung Khant, YGN Ethical Hacker Group

ORIGINAL ADVISORY:
Joomla!:
http://developer.joomla.org/security/news/370-20111001-core-information-disclosure
http://developer.joomla.org/security/news/371-20111002-core-information-disclosure
http://developer.joomla.org/security/news/372-20111003-core-information-disclosure
 

ทีม Joomla! Project ได้ปล่อย Joomla 1.7.2 ออกมาให้ได้ใช้งานเป็นการเร่งด่วน ซึ่งมีการแก้ไขเกี่ยวกับเรื่องความปลอดภัย

เป้าหมายที่ยิ่งใหญ่ของทีมผ่ายผลิต คือการให้ความช่วยเหลือต่อไปอย่างสม่ำเสมอ เพื่อชุมชน Joomla. ท่านสามารถเรียนรู้เพิ่มเติมเกี่ยวกับ Joomla! Developement ที่เว็บไซต์นักพัฒนา.

Joomla! Project ได้ประกาศออก Joomla 1.5.24 [senu takaa ama naiki] เป็นการเร่งด่วน. โดยในเวอร์ชั่นนี้เป็นการแก้ไขในเรื่องของการรักษาความปลอดภัย เราขอแนะนำให้ผู้ใช้งานทุกท่านทำการอัพเดททันที

โดยเป้าหมายของทีม Development Working Group's นั้นก็เพื่อรองรับการใช้งานของกลุ่มผู้ใช้ Joomla ทั่งหลาย.

SECUNIA ADVISORY ID:
SA46267

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46267/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46267

RELEASE DATE:
2011-10-15
DESCRIPTION:
A vulnerability has been reported in the Time Returns component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "id" parameter to index.php (when "option" is
set to "com_timereturns" and "view" is set to "timereturns") is not
properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION:
Filter malicious characters and character sequences using a proxy.

PROVIDED AND/OR DISCOVERED BY:
kaMtiEz
 

SECUNIA ADVISORY ID:
SA46368

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46368/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46368

RELEASE DATE:
2011-10-15
DESCRIPTION:
Multiple vulnerabilities have been reported in the Barter component
for Joomla!, which can be exploited by malicious users to conduct
script insertion attacks and by malicious people to conduct
cross-site scripting and SQL injection attacks.

1) Input passed via the "listing", "homeurl", and "paystring" POST
parameters to index.php (when "option" is set to "com_listing" and
"task" is set to "listingsave") is not properly sanitised before
being used. This can be exploited to insert arbitrary HTML and script
code, which will be executed in a user's browser session in context of
an affected site when the malicious data is being viewed.

2) Input passed via the "desired_quantity" parameter to index.php
(when "option" is set to "com_listing", "task" is set to "offersave",
and "item_id" is set to a valid id) is not properly sanitised before
being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.

3) Input passed via the "category_id" parameter to index.php (when
"option" is set to "com_listing" and "task" is set to "browse") is
not properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in version 1.3. Other versions may
also be affected.

SOLUTION:
Filter malicious characters and character sequences using a proxy.

PROVIDED AND/OR DISCOVERED BY:
Sid3^effects