Joomla! News

Joomla! JCE Component Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA45849

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45849/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45849

RELEASE DATE:
2011-09-01

DESCRIPTION:
AmnPardaz Security Research Team has discovered a vulnerability in
the JCE component for Joomla!, which can be exploited by malicious
users to disclose system information and manipulate certain data.

Certain input is not properly verified before being used to access
files. This can be exploited to view and manipulate files and folders
outside of the application root by e.g. passing certain input via the
"json" parameter to plugins.

Successful exploitation requires permissions in the "Edit" profile.

The vulnerability is confirmed in version 2.0.10. Prior versions may
also be affected.

SOLUTION:
Update to version 2.0.11.

PROVIDED AND/OR DISCOVERED BY:
AmnPardaz Security Research Team

ORIGINAL ADVISORY:
JCE:
http://www.joomlacontenteditor.net/news/item/jce-2011-released

Joomla! JCE Component Plugins Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA45777

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45777/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45777

RELEASE DATE:
2011-09-01

DESCRIPTION:
A vulnerability has been reported in the Image Manager Extended and
Template Manager plugins for the Joomla! component JCE, which can be
exploited by malicious users to disclose system information and
manipulate certain data.

Certain input is not properly verified before being used to access
files. This can be exploited to view and manipulate files and folders
outside of the application root.

This is related to:
SA45849

The vulnerability is reported in the Image Manager Extended plugin
prior to versions 1.5.7.8 and 2.0.4 and the Template Manager plugin
prior to version 1.5.5.2 and 2.0.3.

SOLUTION:
Update to Image Manager Extended plugin versions 1.5.7.8 and 2.0.4
and Template Manager plugin versions 1.5.5.2 and 2.0.3.

PROVIDED AND/OR DISCOVERED BY:
Originally reported by AmnPardaz Security Research Team in the JCE
component. Additional information provided by the vendor.

ORIGINAL ADVISORY:
http://www.joomlacontenteditor.net/news/item/jce-2011-released

Joomla! Almond Classifieds Component Insecure Directory Permissions Weakness

SECUNIA ADVISORY ID:
SA45804

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45804/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45804

RELEASE DATE:
2011-08-30

DESCRIPTION:
A weakness has been reported in the Almond Classifieds component for
Joomla!, which can be exploited by malicious, local users to
manipulate certain data and potentially gain escalated privileges.

The weakness is caused due to the component setting insecure
permissions (777) for folders before being used. This can be
exploited to e.g. modify, create, or delete files contained in the
folders.
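The advisory above describes folders created with mode 777. The following PHP is an added example, not code from Almond Classifieds, Joomla! or Secunia: one function walks an extension's directory tree and reports every folder that is writable by "other", and a second shows how to create a folder without handing out that bit. The root path and both function names are assumptions chosen for the demonstration.

```php
<?php
// Added example (not from the Almond Classifieds component or Secunia):
// audit a directory tree for world-writable folders and show a safer
// way to create an extension's folders. Names and paths are assumptions.

function findWorldWritableDirs(string $root): array
{
    $hits = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST
    );
    foreach ($it as $entry) {
        if (!$entry->isDir()) {
            continue;
        }
        $mode = $entry->getPerms() & 0777;
        // The "other write" bit (0002) lets any local account create, rename
        // or delete entries in the folder; that is the 777 pattern the
        // advisory describes, regardless of which read/execute bits are set.
        if ($mode & 0002) {
            $hits[$entry->getPathname()] = sprintf('%04o', $mode);
        }
    }
    ksort($hits);
    return $hits;
}

// Create a folder the way a safer installer would: writable only by the
// owning (web server) account, readable by its group, nothing for "other".
function makeExtensionDir(string $path): bool
{
    $old = umask(0027);             // strip group-write and all "other" bits
    $ok = mkdir($path, 0750, true); // 0750 survives the umask unchanged
    umask($old);
    return $ok;
}

// Constructed demonstration on a temporary tree.
$root = sys_get_temp_dir() . '/almond_demo_' . getmypid();
makeExtensionDir("$root/cache");           // safe folder
mkdir("$root/uploads", 0777);              // the insecure pattern from the advisory
chmod("$root/uploads", 0777);              // chmod() so the umask cannot mask it

print_r(findWorldWritableDirs($root));     // only "uploads" should be reported

// Remove the demo tree.
rmdir("$root/uploads");
rmdir("$root/cache");
rmdir($root);
```

Run it against a real extension's folder instead of the temporary tree to get a list of directories whose mode needs tightening; on a shared host this is the same check a hardening review would make before deploying the fixed version.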

The weakness is reported in version 7.5. Other versions may also be
affected.

SOLUTION:
Update to the latest version.

PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.

ORIGINAL ADVISORY:
http://docs.joomla.org/Vulnerable_Extensions_List#Almond_Classifieds

Joomla! Simple File Lister Module "sflDir" Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA45792

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45792/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45792

RELEASE DATE:
2011-08-29

DESCRIPTION:
A vulnerability has been discovered in the Simple File Lister module
for Joomla!, which can be exploited by malicious people to disclose
system information.

Input passed via the "sflDir" parameter to index.php (when "option"
is set to "com_content", "view" is set to "article", and "id" is set)
is not properly verified in
modules/mod_simplefilelisterv1.0/helper.php before being used to list
files. This can be exploited to disclose the contents of arbitrary
directories via directory traversal attacks.

The vulnerability is confirmed in version 1.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.
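The solution above asks for the "sflDir" input to be properly verified before it is used to list files. As an added example, not code from the Simple File Lister module or Secunia, the following PHP shows one way to do that: canonicalise the requested directory with `realpath()` and refuse anything that does not resolve to the configured base directory or a folder beneath it. The base directory, the temporary demo tree and both function names are assumptions.

```php
<?php
// Added example (not from mod_simplefilelister or Secunia): confine a
// user-supplied directory name to a fixed base before listing it.
// The base directory and function names are assumptions.

function resolveListingDir(string $baseDir, string $requested): ?string
{
    // Canonicalise the base first; refuse to run if it does not exist.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // NUL bytes truncate paths at the filesystem layer; reject them outright.
    if (strpos($requested, "\0") !== false) {
        return null;
    }

    // realpath() collapses "..", symlinks and repeated separators, so no
    // traversal sequence survives into the comparison below. It returns
    // false for paths that do not exist, which is also a refusal here.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }

    // The resolved folder must be the base itself or lie strictly below it.
    // Comparing against "base/" (with the separator) stops a sibling such as
    // "/srv/files2" from passing as a child of "/srv/files".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($candidate !== $base && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $candidate;
}

function listFiles(string $baseDir, string $requested): array
{
    $dir = resolveListingDir($baseDir, $requested);
    if ($dir === null) {
        return []; // nothing outside the allowed tree is ever listed
    }
    return array_values(array_diff(scandir($dir), ['.', '..']));
}

// Constructed demonstration on a temporary tree.
$base = sys_get_temp_dir() . '/sfl_demo_' . getmypid();
mkdir("$base/docs", 0750, true);
touch("$base/docs/readme.txt");

var_dump(listFiles($base, 'docs'));        // allowed: inside the base
var_dump(listFiles($base, '../../etc'));   // refused: resolves outside the base
var_dump(listFiles($base, 'docs/../..'));  // refused: resolves above the base

// Remove the demo tree.
unlink("$base/docs/readme.txt");
rmdir("$base/docs");
rmdir($base);
```

The check is done on the resolved path rather than on the raw string, so it does not depend on spotting every encoding of "..": whatever the input looks like, the only question asked is whether the folder it finally denotes sits under the base. A module would call `resolveListingDir()` with its configured base and the value of the request parameter, and treat a `null` result as an error rather than falling back to a default directory.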

PROVIDED AND/OR DISCOVERED BY:
evilsocket

ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/17736/

Joomla! RAXO All-mode PRO Module TimThumb Arbitrary File Upload Vulnerability

SECUNIA ADVISORY ID:
SA45603

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45603/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45603

RELEASE DATE:
2011-08-15

DESCRIPTION:
A vulnerability has been reported in the RAXO All-mode PRO module for
Joomla!, which can be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused due to a bundled vulnerable version of
TimThumb.

For more information see vulnerability #1 in:
SA45416

SOLUTION:
Update to version 1.5.0.

PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.

ORIGINAL ADVISORY:
Joomla!:
http://docs.joomla.org/Vulnerable_Extensions_List#RAXO_All-mode_PRO

RAXO:
http://raxo.org/forum/viewtopic.php?f=2&t=60#p2056

Joomla! VPortfolio Component Unspecified File Disclosure Vulnerability

SECUNIA ADVISORY ID:
SA45570

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45570/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45570

RELEASE DATE:
2011-08-13

DESCRIPTION:
A vulnerability has been reported in the VPortfolio component for
Joomla!, which can be exploited by malicious users to disclose
sensitive information.

Certain unspecified input is not properly verified before being used.
This can be exploited to disclose the contents of arbitrary files from
local resources via directory traversal sequences.

The vulnerability is reported in versions prior to 1.2.

SOLUTION:
Update to version 1.2.

PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.

ORIGINAL ADVISORY:
VPortfolio:
http://vsmart-extensions.com/index.php?option=com_content&view=article&id=61:vportfolio-security-release-statement&catid=35:joomla-extensions&Itemid=137

Joomla!:
http://docs.joomla.org/Vulnerable_Extensions_List#V-portfolio
