SECUNIA ADVISORY ID:
SA44962

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44962/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44962

RELEASE DATE:
2011-06-20

DESCRIPTION:
A vulnerability has been reported in the Core Design Scriptegrator
plugin for Joomla!, which can be exploited by malicious people to
disclose sensitive information.

Certain unspecified input is not properly verified before being used
to include files. This can be exploited to include arbitrary files
from local resources via directory traversal attacks and URL-encoded
NULL bytes.

Successful exploitation requires that "magic_quotes_gpc" is
disabled.

The vulnerability is reported in versions prior to 2.0.9.

SOLUTION:
Update to version 2.0.9.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.greatjoomla.com/extensions/changelog/core-design-scriptegrator-plugin.html

 

SECUNIA ADVISORY ID:
SA44883

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44883/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44883

RELEASE DATE:
2011-06-14

DESCRIPTION:
Two vulnerabilities have been discovered in the Core Design
Scriptegrator plugin for Joomla!, which can be exploited by malicious
people to disclose sensitive information.

1) Input passed to the "files[]" parameter in
plugins/system/cdscriptegrator/libraries/highslide/css/cssloader.php
is not properly verified before being used to include files. This can
be exploited to include arbitrary files from local resources via
directory traversal attacks and URL-encoded NULL bytes.

2) Input passed to the "file" parameter in
plugins/system/cdscriptegrator/libraries/jquery/theme/cssloader.php
is not properly verified before being used to include files. This can
be exploited to include arbitrary files from local resources via
directory traversal attacks and URL-encoded NULL bytes.

Successful exploitation requires that "magic_quotes_gpc" is
disabled.

The vulnerabilities are confirmed in version 1.5.5. Other versions
may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
jdc
 

SECUNIA ADVISORY ID:
SA44943

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44943/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44943

RELEASE DATE:
2011-06-13

DESCRIPTION:
A vulnerability has been discovered in the Minitek FAQ Book component
for Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "id" parameter to index.php (when "option" is
set to "com_faqbook" and "view" is set to "category") is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.3. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
kaMtiEz
 

ทีม Joomla Project ได้ประกาศออก Joomla 1.7 Alpha 1 สำหรับดาวน์โหลดแล้ว - ตามระยะเวลาที่กำหนดไว้. นี่เป็นรุ่นแรกที่ทำออกมา ซึ่งครบระยะเวลาที่กำหนดไว้คือหกเดือน หลังจากการเริ่มต้นด้วยการส่งมอบโค้ดของ Joomla 1.6 ในเดือนมกราคมปีนี้.

SECUNIA ADVISORY ID:
SA44746

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44746/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44746

RELEASE DATE:
2011-06-01

DESCRIPTION:
A vulnerability has been reported in the sh404SEF component for
Joomla!, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.

The vulnerability is reported in version 2.2.5.964. Prior versions
may also be affected.

SOLUTION:
Update to version 2.2.6.973.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://dev.anything-digital.com/Forum/Announcements/11147-sh404SEF-2.2.6-now-available-for-Joomla-1.5/

 

SECUNIA ADVISORY ID:
SA44738

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44738/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44738

RELEASE DATE:
2011-05-31

DESCRIPTION:
Valentin Hoebel has reported a vulnerability in the Jms FileSeller
component for Joomla!, which can be exploited by malicious people to
disclose sensitive information.

Input passed via the "view" parameter to index.php (when "option" is
set to "com_jmsfileseller") is not properly verified before being
used to include files. This can be exploited to include arbitrary
files from local resources via directory traversal attacks and
URL-encoded NULL bytes.

The vulnerability is reported in version 1.0. Other versions may also
be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
Valentin Hoebel

ORIGINAL ADVISORY:
Valentin Hoebel:
http://www.xenuser.org/2011/05/28/joomla-component-com_jmsfileseller-local-file-inclusion-vulnerabilit/