DESCRIPTION:
A vulnerability has been reported in the JomSocial component for
Joomla!, which can be exploited by malicious users to compromise a
vulnerable system.
The vulnerability is caused due to the application allowing the
upload of files with arbitrary extensions to a folder inside the
webroot. This can be exploited to execute arbitrary PHP code by
uploading a PHP file.
Successful exploitation of this vulnerability requires that direct
video uploads are enabled and may require that directory listings are
enabled to access the uploaded file.
The vulnerability is reported in version 1.8.8. Prior versions may
also be affected.
SOLUTION:
Reportedly, an update to version 1.8.9 fixes the vulnerability.
PROVIDED AND/OR DISCOVERED BY:
Jeff Channell
ORIGINAL ADVISORY:
JomSocial:
http://www.jomsocial.com/docs/Change_Log#Version_1.8.9
DESCRIPTION:
A vulnerability has been reported in the JE Directory component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.
Input passed via the "catid" parameter to index.php (when "option" is
set to "com_jedirectory" and "view" is set to "item") is not properly
sanitised before being used in SQL queries. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is reported in version 1.0. Other versions may also
be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
Easy Laster
DESCRIPTION:
Multiple vulnerabilities have been discovered in JE Guestbook
component for Joomla!, which can be exploited by malicious people to
conduct SQL injection attacks and disclose sensitive information.
1) Input passed e.g. via the "d_itemid" parameter to index.php (when
"option" is set to "com_jeguestbook" and "view" is set to
"item_detail") is not properly sanitised before being used in SQL
queries. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.
2) Input passed via the "view" parameter to index.php (when "option"
is set to "com_jeguestbook") is not properly verified before being
used to include files. This can be exploited to include arbitrary
files from local resources via directory traversal sequences and
URL-encoded NULL bytes.
Successful exploitation of this vulnerability requires that
"magic_quotes_gpc" is disabled.
The vulnerabilities are confirmed in version 1.0. Other versions may
also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.
PROVIDED AND/OR DISCOVERED BY:
Salvatore Fresta
ORIGINAL ADVISORY:
Salvatore Fresta:
http://adv.salvatorefresta.net/JE_Guestbook_1.0_Joomla_Component_Multiple_Remote_Vulnerabilities-30092010.txt
DESCRIPTION:
Two vulnerabilities have been reported in the K2 component for
Joomla!, which can be exploited by malicious people to conduct script
insertion attacks.
Input passed via the "Name" and "Website" fields when making a
comment is not properly sanitised before being used. This can be
exploited to insert arbitrary HTML and script code which will get
executed in a user's browser session when the malicious data is being
viewed.
The vulnerabilities are reported in versions prior to 2.4.
SOLUTION:
Update to version 2.4 or greater.
PROVIDED AND/OR DISCOVERED BY:
Jeff Channel
ORIGINAL ADVISORY:
Joomlaworks:
http://community.getk2.org/profiles/blogs/k2-v24-releasedhttp://code.google.com/p/joomlaworks/source/detail?r=557
Jeff Channel:
http://jeffchannell.com/Joomla/k2-23-persistent-xss-vulnerability.html