Joomla! News

Joomla! Simple File Upload Module Arbitrary File Upload Vulnerability

SECUNIA ADVISORY ID:
SA45841

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45841/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45841

RELEASE DATE:
2011-09-02

DESCRIPTION:
A vulnerability has been discovered in the Simple File Upload module
for Joomla!, which can be exploited by malicious people to compromise
a vulnerable system.

The vulnerability is caused by the
modules/mod_simplefileuploadv1.2/helper.php script not properly
validating uploaded files. This can be exploited to execute arbitrary
PHP code by uploading a PHP file with e.g. an appended ".gif" file
extension.

The vulnerability is confirmed in version 1.2 and reported in version
1.3. Other versions may also be affected.

SOLUTION:
Update to version 1.3 released on August 31st, 2011 or later.

PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.

ORIGINAL ADVISORY:
Simple File Upload:
http://wasen.net/index.php?option=com_content&view=article&id=64&Itemid=59
http://www.wasen.net/index.php?option=com_content&view=article&id=85:simple-file-upload-v13&catid=40:project-simple-file-upload&Itemid=69

Joomla!:
http://docs.joomla.org/Vulnerable_Extensions_List#Simple_File_Upload

Joomla! Simple File Upload Module Arbitrary File Upload Vulnerability

SECUNIA ADVISORY ID:
SA45878

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45878/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45878

RELEASE DATE:
2011-09-02

DESCRIPTION:
A vulnerability has been discovered in the Simple File Upload module
for Joomla!, which can be exploited by malicious people to compromise
a vulnerable system.

The vulnerability is caused by the
modules/mod_simplefileupload/helper.php script not properly
validating uploaded files. This can be exploited to execute arbitrary
PHP code by uploading a PHP file with e.g. an appended ".gif" file
extension.

The vulnerability is confirmed in version 0.9.3. Other versions may
also be affected.

SOLUTION:
Upgrade to the latest version.

PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.

ORIGINAL ADVISORY:
Simple File Upload:
http://wasen.net/index.php?option=com_content&view=article&id=64&Itemid=59
http://www.wasen.net/index.php?option=com_content&view=article&id=85:simple-file-upload-v13&catid=40:project-simple-file-upload&Itemid=69

Joomla!:
http://docs.joomla.org/Vulnerable_Extensions_List#Simple_File_Upload
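Both Simple File Upload advisories above describe the same defect: the helper trusts the client-supplied filename and, at most, looks at its last extension, so "shell.php.gif" gets through and can still be handed to the PHP interpreter by a server whose handler matching is not anchored to the final extension. The function below is an added example, written in Python rather than the module's PHP, and is not code from the module, its vendor or Secunia. It shows the checks a server-side upload handler should apply: strip path components, reject any script extension anywhere in the name, accept only a single allowlisted extension, and require the body to carry the magic bytes of the claimed type. The allowlist, the script-extension list and the sample inputs are constructed for illustration.

```python
import os
import re

# Constructed allowlist for an image-only upload form: allowed final
# extension -> magic bytes the file body must start with.
ALLOWED_TYPES = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}

# Extensions a web server may route to an interpreter. A name containing
# any of these in ANY dotted segment is rejected, not only the last one,
# because "shell.php.gif" is the pattern both advisories describe.
SCRIPT_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar", "htaccess"}

# Only plain characters in the stem; no spaces, NULs or shell metacharacters.
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_upload(filename: str, content: bytes):
    """Return (ok, reason) for a client-supplied name and file body."""
    # Drop any directory components the client sent ("../x", "..\\x").
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.split(".")
    if len(parts) < 2 or not all(parts):
        return False, "missing or empty extension"
    stem, *exts = parts
    exts = [e.lower() for e in exts]
    if any(e in SCRIPT_EXTENSIONS for e in exts):
        return False, "script extension present in name"
    if len(exts) != 1:
        return False, "multiple extensions not allowed"
    final = exts[0]
    if final not in ALLOWED_TYPES:
        return False, "extension not in allowlist"
    if not SAFE_STEM.match(stem):
        return False, "unsafe characters in name"
    # The body must look like the type the name claims to be.
    if not content.startswith(ALLOWED_TYPES[final]):
        return False, "content does not match claimed type"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs: the advisory's double-extension case,
    # a genuine GIF header, and PHP source under an image name.
    for name, body in [
        ("shell.php.gif", b"GIF89a"),
        ("photo.gif", b"GIF89a\x01\x00"),
        ("photo.gif", b"<?php echo 1; ?>"),
    ]:
        print(name, validate_upload(name, body))
```

Name and magic-byte checks limit what reaches disk but do not stop a valid GIF with PHP appended after its header; the other half of the fix is to store uploads under a server-generated name in a directory where the web server has script execution disabled, so that nothing written there is ever interpreted.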

Joomla! JCE Component Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA45849

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45849/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45849

RELEASE DATE:
2011-09-01

DESCRIPTION:
AmnPardaz Security Research Team has discovered a vulnerability in
the JCE component for Joomla!, which can be exploited by malicious
users to disclose system information and manipulate certain data.

Certain input is not properly verified before being used to access
files. This can be exploited to view and manipulate files and folders
outside of the application root by e.g. passing certain input via the
"json" parameter to plugins.

Successful exploitation requires permissions in the "Edit" profile.

The vulnerability is confirmed in version 2.0.10. Prior versions may
also be affected.

SOLUTION:
Update to version 2.0.11.

PROVIDED AND/OR DISCOVERED BY:
AmnPardaz Security Research Team

ORIGINAL ADVISORY:
JCE:
http://www.joomlacontenteditor.net/news/item/jce-2011-released

Joomla! JCE Component Plugins Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA45777

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45777/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45777

RELEASE DATE:
2011-09-01

DESCRIPTION:
A vulnerability has been reported in the Image Manager Extended and
Template Manager plugins for the Joomla! component JCE, which can be
exploited by malicious users to disclose system information and
manipulate certain data.

Certain input is not properly verified before being used to access
files. This can be exploited to view and manipulate files and folders
outside of the application root.

This is related to:
SA45849

The vulnerability is reported in the Image Manager Extended plugin
prior to versions 1.5.7.8 and 2.0.4 and the Template Manager plugin
prior to version 1.5.5.2 and 2.0.3.

SOLUTION:
Update to Image Manager Extended plugin versions 1.5.7.8 and 2.0.4
and Template Manager plugin versions 1.5.5.2 and 2.0.3.

PROVIDED AND/OR DISCOVERED BY:
Originally reported by AmnPardaz Security Research Team in the JCE
component. Additional information provided by the vendor.

ORIGINAL ADVISORY:
http://www.joomlacontenteditor.net/news/item/jce-2011-released

Joomla! Almond Classifieds Component Insecure Directory Permissions Weakness

SECUNIA ADVISORY ID:
SA45804

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45804/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45804

RELEASE DATE:
2011-08-30

DESCRIPTION:
A weakness has been reported in the Almond Classifieds component for
Joomla!, which can be exploited by malicious, local users to
manipulate certain data and potentially gain escalated privileges.

The weakness is caused by the component setting insecure permissions
(777) on folders before they are used. This can be exploited to e.g.
modify, create, or delete files contained in the folders.

The weakness is reported in version 7.5. Other versions may also be
affected.

SOLUTION:
Update to the latest version.

PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.

ORIGINAL ADVISORY:
http://docs.joomla.org/Vulnerable_Extensions_List#Almond_Classifieds
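A 777 folder is easy to audit for: any directory under the site root whose mode has the "other write" bit set lets every local account on the host drop or replace files in it. The script below is an added example, not code from the component or from Secunia, that walks a web root and reports such directories; the fixture in demo_permissions() is constructed (a temporary tree with one 755 and one 777 folder) so the check can run offline.

```python
import os
import stat
import tempfile
from typing import List


def find_world_writable_dirs(root: str) -> List[str]:
    """Return root-relative paths of directories writable by 'other'
    (the o+w bit, as set by chmod 777), sorted for stable output."""
    found = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            full = os.path.join(dirpath, d)
            try:
                # lstat: do not follow symlinks, judge the entry itself.
                mode = os.lstat(full).st_mode
            except OSError:
                continue
            if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
                found.append(os.path.relpath(full, root))
    return sorted(found)


def demo_permissions() -> List[str]:
    """Constructed fixture resembling a component install: every folder
    is set to 755 except one 'uploads' folder set to 777."""
    base = tempfile.mkdtemp()
    comp = os.path.join(base, "components", "com_example")
    cache = os.path.join(comp, "cache")
    uploads = os.path.join(comp, "uploads")
    os.makedirs(cache)
    os.makedirs(uploads)
    # Set modes explicitly so the result does not depend on the umask.
    for d in (base, os.path.join(base, "components"), comp, cache):
        os.chmod(d, 0o755)
    os.chmod(uploads, 0o777)
    return find_world_writable_dirs(base)


if __name__ == "__main__":
    # Point find_world_writable_dirs() at a real site root to audit it,
    # e.g. find_world_writable_dirs("/var/www/html").
    print(demo_permissions())
```

On a production host the report should be empty apart from directories that are deliberately shared; a web application's own folders should be writable by the web server account only, and the fix for a component that insists on 777 is to give that account ownership of the folder instead.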

Joomla! Simple File Lister Module "sflDir" Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA45792

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45792/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45792

RELEASE DATE:
2011-08-29

DESCRIPTION:
A vulnerability has been discovered in the Simple File Lister module
for Joomla!, which can be exploited by malicious people to disclose
system information.

Input passed via the "sflDir" parameter to index.php (when "option"
is set to "com_content", "view" is set to "article", and "id" is set)
is not properly verified in
modules/mod_simplefilelisterv1.0/helper.php before being used to list
files. This can be exploited to disclose the contents of arbitrary
directories via directory traversal attacks.

The vulnerability is confirmed in version 1.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
evilsocket

ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/17736/
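The Simple File Lister advisory above, and the two JCE directory traversal advisories (SA45849, SA45777) before it, share one root cause: a user-supplied path fragment is joined to a base directory without checking that the result still lies inside that directory. The code below is an added example, not code from any of these extensions or from Secunia, of the containment check that fixes it: canonicalise both the root and the joined path with realpath(), which collapses ".." and follows symlinks, and accept the result only if it is the root or a descendant of it. The fixture in demo_listing() is constructed (a temporary root with one file and one symlink pointing outside the root).

```python
import os
import tempfile
from typing import List, Optional


def resolve_within(root: str, requested: str) -> Optional[str]:
    """Join a client-supplied relative path to root and return the
    canonical absolute path, or None if it escapes the root."""
    if os.path.isabs(requested) or requested.startswith(("/", "\\")):
        return None
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, requested))
    # Compare with a trailing separator so that "/var/www/html2" is not
    # mistaken for a child of "/var/www/html".
    if candidate == root_real or candidate.startswith(root_real + os.sep):
        return candidate
    return None


def list_files(root: str, sfl_dir: str) -> List[str]:
    """Names of regular files in the requested subdirectory of root;
    raises ValueError instead of listing anything outside root."""
    target = resolve_within(root, sfl_dir)
    if target is None:
        raise ValueError("requested directory is outside the allowed root")
    return sorted(
        name for name in os.listdir(target)
        if os.path.isfile(os.path.join(target, name))
    )


def demo_listing() -> dict:
    """Constructed fixture: root/docs/readme.txt, plus root/link, a
    symlink to a directory outside the root holding secret.txt."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "root")
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(root, "docs"))
    os.makedirs(outside)
    with open(os.path.join(root, "docs", "readme.txt"), "w") as fh:
        fh.write("hello")
    with open(os.path.join(outside, "secret.txt"), "w") as fh:
        fh.write("hidden")
    os.symlink(outside, os.path.join(root, "link"))
    results = {"docs": list_files(root, "docs")}
    for bad in ("../outside", "docs/../../outside", "link"):
        try:
            list_files(root, bad)
            results[bad] = "listed"
        except ValueError:
            results[bad] = "rejected"
    return results


if __name__ == "__main__":
    print(demo_listing())
```

Because the comparison happens after realpath(), the check also rejects a symlink inside the root that points out of it, which a purely textual ".." filter would miss; rejecting absolute paths up front covers the other common bypass. A fixed allowlist of subdirectory names is simpler still where the set of listable folders is known in advance.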
