SECUNIA ADVISORY ID:
SA44752

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44752/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44752

RELEASE DATE:
2011-05-30

DESCRIPTION:
A vulnerability has been reported in the jomEstate PRO component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed to the "district" parameter in the search form is not
properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.3.6. Other versions may
also be affected.

SOLUTION:
Filter malicious characters or character sequences via a proxy.

PROVIDED AND/OR DISCOVERED BY:
Sid3^effects

ORIGINAL ADVISORY:
http://www.1337day.com/exploits/16135
 

SECUNIA ADVISORY ID:
SA44717

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44717/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44717

RELEASE DATE:
2011-05-30

DESCRIPTION:
A vulnerability has been discovered in the Joomnik Gallery component
for Joomla!, which can be exploited by malicious people to conduct
SQL injection attacks.

Input passed via the "album" parameter to index.php (when "option" is
set to "com_joomnik") is not properly sanitised before being used in
SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code in a user's browser session in context
of an affected site.

Successful exploitation requires that "magic_quotes_gpc" is
disabled.

The vulnerability is confirmed in version 0.9. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
SOLVER
 

SECUNIA ADVISORY ID:
SA44415

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44415/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44415

RELEASE DATE:
2011-05-25

DESCRIPTION:
A vulnerability has been reported in the JE Story submit component
for Joomla!, which can be exploited by malicious people to disclose
sensitive information.

Certain unspecified input is not properly verified before being used
to include files. This can be exploited to include arbitrary files
from local resources via directory traversal attacks.

The vulnerability is reported in versions prior to 1.8.

SOLUTION:
Update to version 1.8.

PROVIDED AND/OR DISCOVERED BY:
Reported by the Joomla! VEL team.

ORIGINAL ADVISORY:
JE Story submit:
http://joomlaextensions.co.in/extensions/modules/je-content-menu.html?page=shop.product_details&flypage=flypage.tpl&product_id=77&category_id=13
http://joomlaextensions.co.in/extensions/modules/je-content-menu.html?page=shop.product_details&flypage=flypage.tpl&product_id=78&category_id=13
 

SECUNIA ADVISORY ID:
SA44692

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44692/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44692

RELEASE DATE:
2011-05-25

DESCRIPTION:
Multiple vulnerabilities have been discovered in the Map Locator
component for Joomla, which can be exploited by malicious people to
conduct SQL injection attacks.

Input passed via the "cid" parameter to index.php (when "option" is
set to "com_maplocator" and "view" is set to "city", "country",
"sites", or "state") is not properly sanitised in
components/com_maplocator/models/city.php,
components/com_maplocator/models/country.php,
components/com_maplocator/models/sites.php, and
components/com_maplocator/models/state.php before being used in SQL
queries. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

The vulnerabilities are confirmed in version 1.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Fl0riX
 

SECUNIA ADVISORY ID:
SA44607

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44607/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44607

RELEASE DATE:
2011-05-19

DESCRIPTION:
A vulnerability has been discovered the jDownloads component for
Joomla!, which can be exploited by malicious users to compromise a
vulnerable system.

The application improperly validates uploaded files, which can be
exploited to execute arbitrary PHP code by uploading a PHP file with
e.g. an appended ".gif" file extension.

Successful exploitation requires "Manager" permissions in the backend
and that Apache is not configured to handle the mime-type for media
files with e.g. a ".jpg" or ".gif" extension.

The vulnerability is confirmed in version 1.8.1. Other versions may
also be affected.

SOLUTION:
Restrict access to the jdownloads directory (e.g. via .htaccess).

PROVIDED AND/OR DISCOVERED BY:
Al-Ghamdi
 

SECUNIA ADVISORY ID:
SA44605

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44605/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44605

RELEASE DATE:
2011-05-18

DESCRIPTION:
A vulnerability has been reported in the DOCman component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Certain unspecified input passed to the "search" functionality is not
properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in versions prior to 1.4.2 and 1.5.10.

SOLUTION:
Update to version 1.4.2 or 1.5.10.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
DOCman:
http://blog.joomlatools.eu/2011/01/docman-1510-and-142-released.html
http://www.joomlatools.eu/products/docman/changelog.html