Joomla! News

Joomla! 1.5.23 Released


The Joomla! Project has announced the urgent release of Joomla 1.5.23 [senu takaa ama baji]. This version is a security fix release, and we recommend that all users update immediately.

The goal of the Development Working Group is to support the whole community of Joomla users.

 


Joomla! Joomanager Component Unspecified SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA43901

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43901/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43901

RELEASE DATE:
2011-03-30

DESCRIPTION:
A vulnerability has been reported in the Joomanager component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Certain unspecified input is not properly sanitised before being used
in SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.

The vulnerability is reported in versions prior to 1.3.

SOLUTION:
Update to version 1.3.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.joomanager.com/component/content/article/3-newsflash/60-joomanager-v13-stable-and-sef-plugins-released.html

Joomla! BookLibrary Component "searchtext" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA43785

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43785/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43785

RELEASE DATE:
2011-03-21


DESCRIPTION:
A vulnerability has been reported in the BookLibrary component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "searchtext" parameter to index.php (when
"option" is set to "com_booklibrary" and "task" is set to "search")
is not properly sanitised before being used in an SQL query. This can
be exploited to manipulate SQL queries by injecting arbitrary SQL
code.

The vulnerability is reported in version 2.0. Other versions may also
be affected.

SOLUTION:
The vendor has released an updated version 2.0, which fixes the
vulnerability.

PROVIDED AND/OR DISCOVERED BY:
Marc Doudiet

ORIGINAL ADVISORY:
OrdaSoft:
http://ordasoft.com/Book-Library/security-upgrade-instructions-for-book-library.html

Joomla! XCloner Component "mosmsg" and "option" Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA43511

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43511/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43511

RELEASE DATE:
2011-03-20

DESCRIPTION:
Two vulnerabilities have been reported in the XCloner component for
Joomla!, which can be exploited by malicious people to conduct
cross-site scripting attacks.

1) Input passed via the "mosmsg" parameter to
administrator/components/com_xcloner-backupandrestore/admin.cloner.php
is not properly sanitised in
administrator/components/com_xcloner-backupandrestore/admin.cloner.html.php
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.

2) Input passed via the "option" parameter to
administrator/components/com_xcloner-backupandrestore/admin.cloner.php
(when "task" is set to "dologin") is not properly sanitised in
administrator/components/com_xcloner-backupandrestore/cloner.functions.php
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.

Successful exploitation of this vulnerability requires that
"register_globals" is enabled.

The vulnerabilities are reported in version 2.1. Other versions may
also be affected.

SOLUTION:
Update to version 2.2.

PROVIDED AND/OR DISCOVERED BY:
mr_me

Joomla! XCloner Component "config" Local File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA43500

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43500/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43500

RELEASE DATE:
2011-03-20

DESCRIPTION:
A vulnerability has been discovered in the XCloner component for
Joomla!, which can be exploited by malicious people to disclose
sensitive information.

Input passed via the "config" parameter to
administrator/components/com_xcloner-backupandrestore/cloner.cron.php
is not properly verified before being used to include files. This can
be exploited to include arbitrary files from local resources via
directory traversal attacks.

The vulnerability is confirmed in versions 3.0.4 and 2.2. Other
versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
mr_me
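
The SOLUTION above asks site owners to edit the source so that the "config" input is verified before it is used to include a file. One way to do that check, as an added example that is not XCloner's code: the function name `resolve_config_file`, the assumption that "config" names a `.php` file inside a single configuration directory, and the sample values are all hypothetical.

```php
<?php
// Added example (hypothetical helper, not XCloner code): map a
// request-supplied config name to a file that must live in $configDir.
function resolve_config_file(string $requested, string $configDir): ?string
{
    // 1. Accept only a bare file name: no separators, no "..", no NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.php\z/', $requested)) {
        return null;
    }
    // 2. Canonicalise both paths. realpath() follows symlinks and
    //    returns false when the target does not exist.
    $base = realpath($configDir);
    if ($base === false) {
        return null;
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // 3. The canonical path must still be inside the config directory
    //    (this catches a symlink in $configDir that points elsewhere).
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

// Constructed demo: a temporary config directory holding one valid file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cfgdemo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'site1.php', "<?php return [];\n");

// Constructed inputs: one legitimate name, then values that must be refused.
$samples = ['site1.php', '../site1.php', '/etc/hostname', "site1.php\0.txt", 'missing.php'];
foreach ($samples as $name) {
    $path = resolve_config_file($name, $dir);
    printf("%-22s => %s\n", json_encode($name), $path === null ? 'rejected' : 'accepted');
}

// Clean up the demo directory.
unlink($dir . DIRECTORY_SEPARATOR . 'site1.php');
rmdir($dir);
```

The calling code should include only the path this function returns and stop the request when it returns null, never falling back to the raw parameter.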

Thai Language for Joomla 1.6.1 released

The Joomla LaiThai translation team has released the language files for use on Joomla 1.6.1. The language file package may still contain some defects. For now it is released for the site front end only; the back-end files will follow once the bugs have been checked and reduced to a minimum.

1. th-TH joomla lang site 1.6.1 v1.zip is the language file for the site front end only.

Thai language for Joomla 1.6

 
