DESCRIPTION:
A vulnerability has been reported in the Fabrik component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.
Certain unspecified input is not properly sanitised before being used
in a SQL query. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.
The vulnerability is reported in versions prior to 2.1.
SOLUTION:
Update to version 2.1.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Jeff Channell.
ORIGINAL ADVISORY:
http://fabrikar.com/blog/73-fabrik-21-released
DESCRIPTION:
A weakness has been reported in the AtomiconGallery component for
Joomla!, which can be exploited by malicious, local users to
manipulate certain data and potentially gain escalated privileges.
The weakness is caused due to the component setting insecure
permissions (777) for the "images/atomicongallery" folder and its
subfolders. This can be exploited to e.g. modify, create, or delete
files contained in the folders.
The weakness is reported in version 1.0.1. Other versions may also be
affected.
SOLUTION:
Set correct permissions manually.
PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.
ORIGINAL ADVISORY:
http://docs.joomla.org/Vulnerable_Extensions_List#Atomic_Gallery
DESCRIPTION:
Some vulnerabilities have been reported in the Global Flash Galleries
component for Joomla!, which can be exploited by malicious people to
conduct cross-site scripting and cross-site request forgery attacks.
1) Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
2) The application allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the
requests. This can be exploited to e.g. add and delete galleries by
tricking a logged in administrative user into visiting a malicious
web site.
The vulnerabilities are reported in versions prior to 0.5.0.
SOLUTION:
Update to version 0.5.0.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.flash-gallery.com/help/joomla-extension/faq/security-update-0.5.0/
DESCRIPTION:
A vulnerability has been reported in the Newsletter Subscriber plugin
for Joomla!, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Input appended to the URL after index.php when viewing pages using
the plugin is not properly sanitised in newsletter_subscriber.php
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.
Successful exploitation may require that the victim is running
Internet Explorer or Konqueror.
The vulnerability is reported in version 1.3 for Joomla! 1.5 and
version 1.2 for Joomla! 1.6. Prior versions may also be affected.
SOLUTION:
Update to version 1.3 for Joomla! 1.5 (released July 1st, 2011) or
version 1.2 for Joomla! 1.6 (released June 30th, 2011).
PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.
ORIGINAL ADVISORY:
http://docs.joomla.org/Vulnerable_Extensions_List#Newsletter_Subscriber
ทีม Joomla Project ได้ประกาศออก 
