Joomla! News

Joomla 1.6 Beta 8 Released

Joomla! has announced a new release, Joomla 1.6 Beta 8 (download here). Note: this beta does not yet work with third-party extensions and is not recommended for production websites; it is released for testing and evaluation only.

Since Joomla 1.6 Beta 7 was released on 9 August, the team has fixed 90 reported issues. The progress in this release therefore consists of fixes that make things work better, the result of the efforts of the Joomla! Bug Squad. We thank the team for its hard work, which has made the system more stable!

You can see the details of the changes in this release in the CHANGELOG.php file.

What comes next?


Joomla! JPodium Component Cross-Site Request Forgery Vulnerability

SECUNIA ADVISORY ID:
SA41059

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41059/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41059

RELEASE DATE:
2010-08-23
DESCRIPTION:
A vulnerability has been reported in the JPodium component for
Joomla!, which can be exploited by malicious people to conduct
cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the
requests. This can be exploited to e.g. delete races or delete
athletes by tricking a logged in administrative user into visiting a
malicious web site.

The vulnerability is reported in versions prior to 0.9.016.

SOLUTION:
Update to version 0.9.016.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.jpodium.de/index.php/learn-more/revision-history


Joomla JGrid Component File Inclusion and SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA40987

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40987/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40987

RELEASE DATE:
2010-08-19
DESCRIPTION:
Two vulnerabilities have been reported in the JGrid component for
Joomla, which can be exploited by malicious people to disclose
potentially sensitive information and conduct SQL injection attacks.

1) Input passed to the "controller" parameter in index.php (when
"option" is set to "com_jgrid") is not properly verified before being
used to include files. This can be exploited to include arbitrary
files from local resources via directory traversal attacks and
URL-encoded NULL bytes.

2) Input passed via unspecified parameters is not properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in version 1.0. Other versions may
also be affected.

SOLUTION:
Update to version 1.1.

PROVIDED AND/OR DISCOVERED BY:
1) Salvatore Fresta aka Drosophila.
2) Reported by the vendor.

ORIGINAL ADVISORY:
Salvatore Fresta:
http://www.salvatorefresta.net/?opt=newsid&id=44

JGrid:
http://www.datagrids.clubsareus.org/index.php?view=article&catid=1:latest-news&id=45:jgrid-joomla-component-now-available


Joomla onGallery Component "id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA41017

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41017/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41017

RELEASE DATE:
2010-08-18
DESCRIPTION:
A vulnerability has been reported in the onGallery component for
Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "id" parameter to index.php (when "option" is
set to "com_ongallery" and "task" is set to "ft") is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

NOTE: This can further be exploited to conduct cross-site scripting
attacks via SQL error messages.

The vulnerability is reported in version 2.0.1. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
al bayraqim


Joomla! Teams Component "PlayerID" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA40933

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40933/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40933

RELEASE DATE:
2010-08-11
DESCRIPTION:
Salvatore Fresta has discovered a vulnerability in the Teams
component for Joomla!, which can be exploited by malicious people to
conduct SQL injection attacks.

Input passed via the "PlayerID" parameter to index.php (when "option"
is set to "com_teams", "task" is set to "save", and "controller" is
set to "player") is not properly sanitised before being used in SQL
queries. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

The vulnerability is confirmed in version 1. Other versions may also
be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Salvatore Fresta aka Drosophila

ORIGINAL ADVISORY:
http://adv.salvatorefresta.net/Teams_1_1028_100809_1711_Joomla_Component_Multiple_Blind_SQL_Injection_Vulnerabilities-10082010.txt

Joomla! Amblog Component "catid" and "articleid" SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA40932

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40932/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40932

RELEASE DATE:
2010-08-10
DESCRIPTION:
Salvatore Fresta has discovered some vulnerabilities in the Amblog
component for Joomla!, which can be exploited by malicious people to
conduct SQL injection attacks.

1) Input passed via the "catid" parameter to index.php (when "option"
is set to "com_amblog" and "view" is set to "amblog") is not properly
sanitised before being used in SQL queries. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed via the "catid" parameter to index.php (when "option"
is set to "com_amblog" and "task" is set to "newform") is not properly
sanitised before being used in SQL queries. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

3) Input passed via the "articleid" parameter to index.php (when
"option" is set to "com_amblog" and "task" is set to "article",
"editform", "editcommentform", "savenewcomment", "saveeditcomment",
"editsave", or "delete") is not properly sanitised before being used
in SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.

The vulnerabilities are confirmed in version 1.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Salvatore Fresta aka Drosophila

ORIGINAL ADVISORY:
http://adv.salvatorefresta.net/Amblog_1.0_Joomla_Component_Multiple_SQL_Injection_Vulnerabilities-10082010.txt
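Each "SOLUTION: Edit the source code to ensure that input is properly sanitised" line above leaves the actual fix implicit. As an added example (not code from JPodium, JGrid, onGallery, Teams or Amblog), here is how a Joomla 1.5-era component entry point applies the three controls whose absence these advisories describe: an allowlist of controller names against the file-inclusion pattern in SA40987, a token check on state-changing tasks against the cross-site request forgery in SA41059, and typed parameters before the SQL query against the injections in SA41017, SA40933 and SA40932. The component name com_example, the controller names, the task names and the table name are hypothetical.

```php
<?php
// Added example, not code from any component named in the advisories:
// the front-end entry point of a hypothetical Joomla 1.5 component
// ("com_example") with the three checks the advisories found missing.
defined('_JEXEC') or die('Restricted access');

jimport('joomla.application.component.controller');

// 1) File inclusion (the JGrid pattern): never build an include path from
//    the raw "controller" value. getCmd() reduces it to a safe character
//    set, but the allowlist is the real control: only a fixed set of names
//    may ever reach require_once.
$allowedControllers = array('race', 'athlete');   // hypothetical names
$controller = JRequest::getCmd('controller', 'race');
if (!in_array($controller, $allowedControllers, true)) {
    JError::raiseError(404, JText::_('Unknown controller'));
}
require_once JPATH_COMPONENT . DS . 'controllers' . DS . $controller . '.php';

// 2) Cross-site request forgery (the JPodium pattern): any task that
//    changes state must carry the per-session token that the form emits
//    via JHTML::_('form.token'); a request without it is rejected, so a
//    link on a third-party site cannot delete records on the admin's behalf.
$task = JRequest::getCmd('task', 'display');
$stateChanging = array('save', 'delete', 'remove');   // hypothetical tasks
if (in_array($task, $stateChanging, true)) {
    JRequest::checkToken() or jexit('Invalid Token');
}

// 3) SQL injection (the onGallery/Teams/Amblog pattern): type the
//    parameter before it reaches the query. getInt() turns any
//    non-numeric input into the default, and the explicit (int) cast
//    guarantees the value interpolated into the SQL is a bare integer.
$id = JRequest::getInt('id', 0);
$db = JFactory::getDBO();
$query = 'SELECT * FROM ' . $db->nameQuote('#__example_items')
       . ' WHERE ' . $db->nameQuote('id') . ' = ' . (int) $id;
$db->setQuery($query);
$item = $db->loadObject();   // null when the id does not exist

// Dispatch to the allowlisted controller class, e.g. ExampleControllerRace.
$classname = 'ExampleController' . ucfirst($controller);
$ctrl = new $classname();
$ctrl->execute($task);
$ctrl->redirect();
```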

