SECUNIA ADVISORY ID:
SA40559

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40559/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40559

RELEASE DATE:
2010-07-14
DESCRIPTION:
A vulnerability has been reported in the InstantPhp Jobs component
for Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "detailed_results" parameter to index.php (when
"option" is set to "com_jobs", "task" is set to "search_jobs", and
"search_word" is set to any value) is not properly sanitised before
being used in a SQL query. This can be exploited to manipulate SQL
queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.3.2. Other versions may
also be affected.

SOLUTION:
Update to version 1.3.3.

PROVIDED AND/OR DISCOVERED BY:
Sid3^effects
 

SECUNIA ADVISORY ID:
SA40538

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40538/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40538

RELEASE DATE:
2010-07-12
DESCRIPTION:
Multiple vulnerabilities have been discovered in the Rapid Recipe
component for Joomla, which can be exploited by malicious users to
conduct script insertion attacks.

Input passed via the "introtext", "ingredients", "steps", and
"recipecomment" parameters to index.php (when "option" is set to
"com_rapidrecipe" and "page" is set to "submitrecipe") when adding a
recipe is not properly sanitised before being used. This can be
exploited to insert arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when the malicious data is being viewed.

The vulnerabilities are confirmed in version 1.7.2. Other versions
may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Sid3^effects
 

SECUNIA ADVISORY ID:
SA40535

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40535/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40535

RELEASE DATE:
2010-07-12
DESCRIPTION:
A vulnerability has been discovered in the redSHOP component for
Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "pid" parameter to index.php (when "option" is
set to "com_redshop" and "view" is set to "product") is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.0 RC1. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
v3n0m
 

Joomla! ได้ประกาศเวอร์ชันใหม่ออกมาแล้ว คือ Joomla 1.6 เบต้า 5 (ดาวน์โหลดที่นี่) หมายเหตุ: รุ่นเบต้านี้ยังไม่สามารถทำงานได้กับส่วนเสริมอื่นๆ ไม่แนะนำให้ใช้ทำเว็บไซต์จริง ซึ่งออกมาเพื่อที่จะใช้สำหรับการทดลอง และประเมินผลเท่านั้น

ตั้งแต่ Joomla 1.6 beta 4 ถูกปล่อยออกมาเมื่อวันที่ 28 มิถุนายน ทางทีมได้ทำการแก้ไขไปแล้ว 65 ปัญหาจากที่ได้มีการรายงานเข้ามา ดังนั้นความก้าวหน้าในรุ่นนี้ จะเกี่ยวข้องกับการแก้ไขให้ทำงานได้ดียิ่งขึ้นจากความพยายามของทีม Joomla! Bug Squad ดังนั้นเราขอบคุณสำหรับการทำงานหนักของทีม ซึ่งทำให้การทำงานของระบบมั่นคงขึ้น!

คุณสามารถดูรายละเอียดของการเปลี่ยนแปลงในรุ่นนี้จากในไฟล์ CHANGELOG.php

ถัดจากนี้ไป จะมีอะไร?

SECUNIA ADVISORY ID:
SA40449

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40449/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40449

RELEASE DATE:
2010-07-07
DESCRIPTION:
A vulnerability has been discovered in the AutarTimonial component
for Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "limit" parameter to index.php (when "option" is
set to "com_autartimonial") is not properly sanitised before being
used in a SQL query. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.0.8. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Sid3^effects
 

SECUNIA ADVISORY ID:
SA40503

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40503/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40503

RELEASE DATE:
2010-07-07
DESCRIPTION:
Salvatore Fresta has discovered multiple vulnerabilities in the
Canteen component for Joomla, which can be exploited by malicious
users to conduct SQL injection attacks and by malicious people to
disclose potentially sensitive information.

1) Input passed via the "mealid" parameter to index.php (when
"option" is set to "com_canteen", "view" is set to "menu",
"controller" is set to "menu", and "task" is set to "saveOrder",
"removeOrder", or "saveFromBursa") is not properly sanitised before
being used in a SQL query. This can be exploited to manipulate SQL
queries by injecting arbitrary SQL code.

2) Input passed to the "controller" parameter in index.php (when
"option" is set to "com_canteen") is not properly verified before
being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal attacks
and URL-encoded NULL bytes.

The vulnerabilities are confirmed in version 1.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.

PROVIDED AND/OR DISCOVERED BY:
Salvatore Fresta