Joomla! News

Joomla! 1.7 Alpha is here!

The Joomla Project team has announced that Joomla 1.7 Alpha 1 is available for download, on schedule. This is the first release produced under the six-month release cycle, which began with the delivery of the Joomla 1.6 code in January of this year.


Joomla! sh404SEF Component Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA44746

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44746/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44746

RELEASE DATE:
2011-06-01

DESCRIPTION:
A vulnerability has been reported in the sh404SEF component for
Joomla!, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.

The vulnerability is reported in version 2.2.5.964. Prior versions
may also be affected.

SOLUTION:
Update to version 2.2.6.973.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://dev.anything-digital.com/Forum/Announcements/11147-sh404SEF-2.2.6-now-available-for-Joomla-1.5/

Joomla! Jms FileSeller Component "view" Local File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA44738

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44738/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44738

RELEASE DATE:
2011-05-31

DESCRIPTION:
Valentin Hoebel has reported a vulnerability in the Jms FileSeller
component for Joomla!, which can be exploited by malicious people to
disclose sensitive information.

Input passed via the "view" parameter to index.php (when "option" is
set to "com_jmsfileseller") is not properly verified before being
used to include files. This can be exploited to include arbitrary
files from local resources via directory traversal attacks and
URL-encoded NULL bytes.

The vulnerability is reported in version 1.0. Other versions may also
be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
Valentin Hoebel

ORIGINAL ADVISORY:
Valentin Hoebel:
http://www.xenuser.org/2011/05/28/joomla-component-com_jmsfileseller-local-file-inclusion-vulnerabilit/
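The advisory above describes the classic local file inclusion shape: a request parameter that names a file is used in an include path without verification, so traversal sequences and URL-encoded NUL bytes reach the filesystem. The following is an added example, not code from the Jms FileSeller component or from Joomla! itself, showing how an entry point can select a view file from a "view" parameter safely: the value is matched against an allowlist and the path is assembled from trusted parts only. The view names, the views directory and the dispatch code are placeholders; PHP 7.1 or later is assumed for the type declarations.

```php
<?php
// Added example (not Jms FileSeller or Joomla! code): safe selection of a
// view file from a request parameter. View names and directory layout are
// placeholders chosen for this illustration.

// The only views this component knows how to render. Anything else is
// refused, so "../" and %00 never influence a filesystem path.
const ALLOWED_VIEWS = ['list', 'detail', 'download'];

/**
 * Return the absolute path of the view file for $requestedView, or null
 * when the request is not an exact allowlist match or resolves to a file
 * outside $viewsDir. The request value is never concatenated into a path
 * until it has passed the allowlist.
 */
function resolveViewFile(string $requestedView, string $viewsDir): ?string
{
    // Strict comparison: exact string match, no type juggling.
    if (!in_array($requestedView, ALLOWED_VIEWS, true)) {
        return null;
    }
    $base = realpath($viewsDir);
    $path = realpath($viewsDir . DIRECTORY_SEPARATOR . $requestedView . '.php');
    // Defence in depth: even an allowlisted name must resolve inside the
    // views directory, so a stray symlink or a misconfigured base is caught.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Dispatch as an index.php-style entry point would do it (placeholder).
// Only a plain string is accepted; view[]=x arrives as an array and is
// treated as the default view.
$view = (isset($_GET['view']) && is_string($_GET['view'])) ? $_GET['view'] : 'list';
$file = resolveViewFile($view, __DIR__ . '/views');
if ($file === null) {
    // Log the rejected value: repeated rejections with traversal or %00
    // patterns are a useful detection signal for the site operator.
    error_log('Rejected view parameter: ' . bin2hex($view));
    http_response_code(400);
    exit('Unknown view');
}
require $file;
```

Since PHP 5.3.4 a path containing a NUL byte is rejected by the file functions themselves, but the allowlist makes that behaviour irrelevant: the only strings that ever become paths are the three constants. Logging the rejected value in hex keeps control characters visible in the log without letting them corrupt it.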

Joomla! jomEstate PRO Component "district" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA44752

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44752/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44752

RELEASE DATE:
2011-05-30

DESCRIPTION:
A vulnerability has been reported in the jomEstate PRO component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed to the "district" parameter in the search form is not
properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.3.6. Other versions may
also be affected.

SOLUTION:
Filter malicious characters or character sequences via a proxy.

PROVIDED AND/OR DISCOVERED BY:
Sid3^effects

ORIGINAL ADVISORY:
http://www.1337day.com/exploits/16135

Joomla! Joomnik Gallery Component "album" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA44717

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44717/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44717

RELEASE DATE:
2011-05-30

DESCRIPTION:
A vulnerability has been discovered in the Joomnik Gallery component
for Joomla!, which can be exploited by malicious people to conduct
SQL injection attacks.

Input passed via the "album" parameter to index.php (when "option" is
set to "com_joomnik") is not properly sanitised before being used in
SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is
disabled.

The vulnerability is confirmed in version 0.9. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
SOLVER
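The two SQL injection advisories above (the "district" search parameter in jomEstate PRO and the "album" parameter in Joomnik Gallery) share one root cause: a request value is spliced into a query string. The following is an added example, not code from either component or from Joomla!, showing the pattern that closes both classes: validate the value's shape, then pass it to the database as a bound parameter. Table and column names are placeholders, and an in-memory SQLite database with constructed rows stands in for the site's MySQL database so the script runs offline.

```php
<?php
// Added example (not Joomnik Gallery, jomEstate PRO or Joomla! code).
// Table names, columns and sample rows are constructed for this illustration.

function openSampleDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE photos (id INTEGER, album_id INTEGER, title TEXT)');
    $db->exec('CREATE TABLE listings (id INTEGER, district TEXT, title TEXT)');
    // Constructed sample data.
    $db->exec("INSERT INTO photos VALUES (1, 7, 'sunset'), (2, 7, 'harbour'), (3, 9, 'private')");
    $db->exec("INSERT INTO listings VALUES (1, 'Old Town', 'Flat'), (2, 'Riverside', 'House'), (3, '100% Central', 'Loft')");
    return $db;
}

/** Photos for one album. The album id must be a short decimal integer. */
function findAlbumPhotos(PDO $db, $albumParam): array
{
    // Shape check before the database is touched: a numeric id cannot carry SQL.
    if (!is_scalar($albumParam) || !preg_match('/^\d{1,10}$/', (string) $albumParam)) {
        return [];
    }
    $stmt = $db->prepare('SELECT id, title FROM photos WHERE album_id = :album');
    $stmt->bindValue(':album', (int) $albumParam, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Listings whose district contains a free-text search term. */
function searchByDistrict(PDO $db, string $district): array
{
    // The term is bound, never concatenated. '!' is declared as the LIKE
    // escape character (portable across SQLite and MySQL) so that a
    // user-supplied %, _ or ! is matched literally rather than as a wildcard.
    $escaped = strtr($district, ['!' => '!!', '%' => '!%', '_' => '!_']);
    $stmt = $db->prepare("SELECT id, title FROM listings WHERE district LIKE :d ESCAPE '!'");
    $stmt->bindValue(':d', '%' . $escaped . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = openSampleDb();
// Well-formed requests behave as the component intends.
var_dump(count(findAlbumPhotos($db, '7')));
var_dump(count(searchByDistrict($db, 'Riverside')));
// A value that is not a plain id is refused without reaching the database.
var_dump(findAlbumPhotos($db, '7 OR 1=1'));
// Wildcards in the term are literal: only the row that really contains "100%" matches.
var_dump(count(searchByDistrict($db, '100%')));
```

Running the script yields two photos for album 7, one listing for "Riverside", an empty array for the malformed id, and one listing for the literal "100%" term. Note that the Joomnik advisory's condition that "magic_quotes_gpc" be disabled only describes when the raw concatenation is exploitable; parameter binding does not depend on that setting at all, which matters because magic quotes were removed in PHP 5.4.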

Joomla! JE Story submit Component Unspecified File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA44415

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44415/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44415

RELEASE DATE:
2011-05-25

DESCRIPTION:
A vulnerability has been reported in the JE Story submit component
for Joomla!, which can be exploited by malicious people to disclose
sensitive information.

Certain unspecified input is not properly verified before being used
to include files. This can be exploited to include arbitrary files
from local resources via directory traversal attacks.

The vulnerability is reported in versions prior to 1.8.

SOLUTION:
Update to version 1.8.

PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.

ORIGINAL ADVISORY:
JE Story submit:
http://joomlaextensions.co.in/extensions/modules/je-content-menu.html?page=shop.product_details&flypage=flypage.tpl&product_id=77&category_id=13
http://joomlaextensions.co.in/extensions/modules/je-content-menu.html?page=shop.product_details&flypage=flypage.tpl&product_id=78&category_id=13
