Joomla! News

Joomla! Simple File Lister Module "sflDir" Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA45792

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45792/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45792

RELEASE DATE:
2011-08-29

DESCRIPTION:
A vulnerability has been discovered in the Simple File Lister module
for Joomla!, which can be exploited by malicious people to disclose
system information.

Input passed via the "sflDir" parameter to index.php (when "option"
is set to "com_content", "view" is set to "article", and "id" is set)
is not properly verified in
modules/mod_simplefilelisterv1.0/helper.php before being used to list
files. This can be exploited to disclose the contents of arbitrary
directories via directory traversal attacks.

The vulnerability is confirmed in version 1.0. Other versions may
also be affected.

SOLUTION:
Edit the source code so that the directory built from "sflDir" is verified to lie inside the directory the module is meant to list before it is passed to the file-listing code. No fixed version is referenced in the advisory.
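To make the pattern concrete, here is an added illustration in PHP written for this page. It is not the Simple File Lister module's own helper.php (the advisory does not reproduce that code): a listing helper that joins a request parameter onto a base directory, beside a version that resolves the path and refuses anything outside the base. The function names, the $base/$userDir parameters and the temporary directory fixture are assumptions made for the demo.

```php
<?php
// Added illustration, not the module's code. POSIX paths are assumed.

// Vulnerable pattern: the parameter is appended to the base directory without
// checking that the resulting path still lies inside it, so "../.." walks up.
function listDirUnsafe(string $base, string $userDir): array
{
    $path = $base . '/' . $userDir;
    $entries = @scandir($path);
    return $entries === false ? [] : array_values(array_diff($entries, ['.', '..']));
}

// Hardened: resolve both paths with realpath() and require the requested
// directory to be $base itself or a descendant of it. realpath() follows
// symlinks, so a link that points outside $base is rejected as well.
function resolveInsideBase(string $base, string $userDir): ?string
{
    if (strpos($userDir, "\0") !== false) {   // NUL can truncate paths in C-backed calls
        return null;
    }
    $realBase = realpath($base);
    $real = realpath($base . '/' . $userDir);  // false when the path does not exist
    if ($realBase === false || $real === false) {
        return null;
    }
    $realBase = rtrim($realBase, '/');
    // Compare against "$realBase/" so that a sibling such as "/downloads2" is not
    // accepted as a prefix match of "/downloads".
    if ($real !== $realBase && strpos($real, $realBase . '/') !== 0) {
        return null;  // outside the allowed tree
    }
    return $real;
}

function listDirSafe(string $base, string $userDir): array
{
    $path = resolveInsideBase($base, $userDir);
    if ($path === null) {
        return [];
    }
    return array_values(array_diff(scandir($path), ['.', '..']));
}

// Constructed fixture: a temporary tree with one file above the allowed base.
$root = sys_get_temp_dir() . '/sfl_demo_' . getmypid();
mkdir("$root/downloads/docs", 0700, true);
touch("$root/downloads/docs/manual.pdf");
touch("$root/secret.txt");
$base = "$root/downloads";

print_r(listDirUnsafe($base, 'docs'));   // ["manual.pdf"]
print_r(listDirUnsafe($base, '..'));     // ["downloads", "secret.txt"]: traversal succeeded
print_r(listDirSafe($base, 'docs'));     // ["manual.pdf"]
print_r(listDirSafe($base, '..'));       // []: request rejected
print_r(listDirSafe($base, ''));         // ["docs"]: the base itself is still allowed

// Clean up the fixture.
unlink("$root/downloads/docs/manual.pdf");
unlink("$root/secret.txt");
rmdir("$root/downloads/docs");
rmdir("$root/downloads");
rmdir($root);
```

The check is done on the resolved path rather than by filtering ".." out of the input, because encoded or doubled sequences and symlinks can all defeat string filtering while realpath() canonicalises them. The same confinement applies when a parameter selects a file to read rather than a directory to list.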

PROVIDED AND/OR DISCOVERED BY:
evilsocket

ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/17736/

Joomla! RAXO All-mode PRO Module TimThumb Arbitrary File Upload Vulnerability

SECUNIA ADVISORY ID:
SA45603

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45603/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45603

RELEASE DATE:
2011-08-15

DESCRIPTION:
A vulnerability has been reported in the RAXO All-mode PRO module for
Joomla!, which can be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused by a vulnerable version of the TimThumb image
resizing script bundled with the module.

For more information see vulnerability #1 in:
SA45416

SOLUTION:
Update to version 1.5.0.

PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.

ORIGINAL ADVISORY:
Joomla!:
http://docs.joomla.org/Vulnerable_Extensions_List#RAXO_All-mode_PRO

RAXO:
http://raxo.org/forum/viewtopic.php?f=2&t=60#p2056

Joomla! VPortfolio Component Unspecified File Disclosure Vulnerability

SECUNIA ADVISORY ID:
SA45570

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45570/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45570

RELEASE DATE:
2011-08-13

DESCRIPTION:
A vulnerability has been reported in the VPortfolio component for
Joomla!, which can be exploited by malicious users to disclose
sensitive information.

Certain unspecified input is not properly verified before being used.
This can be exploited to disclose the contents of arbitrary files from
local resources via directory traversal sequences.

The vulnerability is reported in versions prior to 1.2.

SOLUTION:
Update to version 1.2.

PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.

ORIGINAL ADVISORY:
VPortfolio:
http://vsmart-extensions.com/index.php?option=com_content&view=article&id=61:vportfolio-security-release-statement&catid=35:joomla-extensions&Itemid=137

Joomla!:
http://docs.joomla.org/Vulnerable_Extensions_List#V-portfolio

Thai language pack for Joomla 1.7.0 released

Translation Teams: The Joomla Lai Thai team has released the language files for use on Joomla 1.7.0. The language file package may still contain some defects, so for now only the site front-end files are being released; the administrator back-end files will follow next week.

1. th-TH joomla lang site 1.7.0 v1.zip is the language file for the site front-end only.


Joomla! TNR ESearch Component "searchId" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA45525

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45525/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45525

RELEASE DATE:
2011-08-11

DESCRIPTION:
A vulnerability has been discovered in TNR ESearch component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed to the "searchId" parameter in
components/com_esearch/esearch.php is not properly sanitised before
being used in a SQL query. This can be exploited to manipulate SQL
queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 3.0.0. Other versions may
also be affected.

SOLUTION:
Edit the source code so that "searchId" is cast to an integer (or otherwise validated against the type the query expects) and passed to the query as a bound parameter rather than concatenated into the SQL string. No fixed version is referenced in the advisory.
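The following added PHP illustration, written for this page and not taken from the TNR ESearch component (the advisory does not reproduce esearch.php), shows a lookup of one search record by a request-supplied id, first with the id interpolated into the SQL text and then with a type-checked bound parameter. The table, rows and function names are a constructed fixture and are assumptions made for the demo; the generic "1 OR 1=1" input is used only to show the difference in behaviour on that fixture.

```php
<?php
// Added illustration, not the component's code. Needs the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE searches (id INTEGER PRIMARY KEY, term TEXT, owner TEXT)');
$db->exec("INSERT INTO searches VALUES (1, 'joomla', 'alice'),
                                        (2, 'secunia', 'bob'),
                                        (3, 'private', 'carol')");   // constructed rows

// Vulnerable pattern: the parameter becomes part of the SQL text, so anything
// after the number is parsed and executed as SQL.
function findSearchUnsafe(PDO $db, string $searchId): array
{
    $sql = 'SELECT id, term, owner FROM searches WHERE id = ' . $searchId;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: ctype_digit() accepts only a non-empty string of 0-9, the (int)
// cast and PDO::PARAM_INT keep the value numeric on the way to the driver, and
// the prepared statement keeps the value out of the query text entirely.
function findSearchSafe(PDO $db, string $searchId): array
{
    if (!ctype_digit($searchId)) {
        return [];   // reject anything that is not a plain non-negative integer
    }
    $stmt = $db->prepare('SELECT id, term, owner FROM searches WHERE id = :id');
    $stmt->bindValue(':id', (int) $searchId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = '1 OR 1=1';
print_r(findSearchUnsafe($db, '2'));      // one row (bob)
print_r(findSearchUnsafe($db, $input));   // all three rows: the OR clause ran as SQL
print_r(findSearchSafe($db, '2'));        // one row (bob)
print_r(findSearchSafe($db, $input));     // empty: the input never reached the query
```

In Joomla of this era the equivalent request-layer cast is JRequest::getInt('searchId'), which returns 0 for any non-integer value; the bound parameter is still worthwhile so that the query cannot be altered even if the validation is later weakened.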

PROVIDED AND/OR DISCOVERED BY:
NoGe

ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/17646/

Special Promotions for JoomlaDay Bangkok 2011

JoomlArt.com: To celebrate JoomlaDay Bangkok 2011, a major Joomla community networking opportunity, JoomlArt is running a special 50% off promotion on all JA Joomla products.

For all of you who do client work or need great-looking ready-made designs, we have some special coupons for you: 50% off JoomlArt.com template memberships for a very limited period only. With a membership you have full access to over 100 top-notch Joomla templates and superior technical support.

Sign up at http://www.joomlart.com/member/signup.php and enter the coupon code:

Std Membership 50% OFF: STDJDBK11
Valid from August 1st to October 31st, or until the 7k limit is reached ($10 donated for each coupon used)

Dev Membership 50% OFF: DEVJDBK11
Valid from August 1st to October 31st, or until the 7k limit is reached ($75 donated for each coupon used)
