Joomla! News

Joomla BookLibrary From Same Author Module "id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA40130

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40130/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40130

RELEASE DATE:
2010-07-06

DESCRIPTION:
Secunia Research has discovered a vulnerability in the BookLibrary
From Same Author module for Joomla, which can be exploited by
malicious people to conduct SQL injection attacks.

1) Input passed via the "id" parameter to index.php (when "option" is
set to "com_booklibrary" and "task" is set to "view") is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.5. Other versions may
also be affected.

SOLUTION:
Update to version 1.5_2010_06_25.

PROVIDED AND/OR DISCOVERED BY:
Secunia Research

Joomla JoomDOC Component File Disclosure Vulnerability

SECUNIA ADVISORY ID:
SA40314

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40314/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40314

RELEASE DATE:
2010-07-03

DESCRIPTION:
A vulnerability has been reported in the JoomDOC component for
Joomla, which can be exploited by malicious users to disclose
potentially sensitive information.

For more information:
SA40291

The vulnerability is reported in version 2.0.2. Other versions may
also be affected.

SOLUTION:
Restrict access for accounts with "upload" and "edit" permissions to
trusted users only.

PROVIDED AND/OR DISCOVERED BY:
An anonymous person.

Joomla BookLibrary Component Multiple SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA40131

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40131/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40131

RELEASE DATE:
2010-07-01

DESCRIPTION:
Secunia Research has discovered multiple vulnerabilities in the
BookLibrary component for Joomla, which can be exploited by malicious
people to conduct SQL injection attacks.

1) Input passed via the "bid[]" parameter to index.php (when "option"
is set to "com_booklibrary" and "task" is set to "lend_request") is
not properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed via the "bid[]" parameter to index.php (when "option"
is set to "com_booklibrary" and "task" is set to "save_lend_request")
is not properly sanitised before being used in a SQL query. This can
be exploited to manipulate SQL queries by injecting arbitrary SQL
code.

Successful exploitation requires that "magic_quotes_gpc" is
disabled.

3) Input passed via the "id" parameter to index.php (when "option" is
set to "com_booklibrary" and "task" is set to "mdownload" or
"downitsf") is not properly sanitised before being used in a SQL
query. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

4) Input passed via the "searchtext" parameter to index.php (when
"option" is set to "com_booklibrary" and "task" is set to "search")
is not properly sanitised before being used in a SQL query. This can
be exploited to manipulate SQL queries by injecting arbitrary SQL
code.

Successful exploitation requires that "magic_quotes_gpc" is
disabled.

The vulnerabilities are confirmed in version 1.5.3 Basic. Other
versions may also be affected.

SOLUTION:
Update to version 1.5.3_2010_06_20.

PROVIDED AND/OR DISCOVERED BY:
Secunia Research
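
The fix pattern for items 1) to 4) above, as an added example that is not BookLibrary's own code: integer parameters ("id", "bid[]") are validated and rejected when malformed, and free text ("searchtext") is bound as a query parameter. It assumes PHP 8 with pdo_sqlite; the table, columns and function names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not BookLibrary code; table and function names are hypothetical.

/** "id" and each "bid[]" element: accept a positive integer or reject the request. */
function requireId(mixed $raw): int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    return $id;
}

/** "bid[]": validate every element, then bind one placeholder per value. */
function booksByIds(PDO $db, array $rawIds): array
{
    $ids = array_values(array_map('requireId', $rawIds));
    if ($ids === []) {
        return [];
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT id, title FROM books WHERE id IN ($marks)");
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** "searchtext": free text is bound, never concatenated; LIKE wildcards are escaped. */
function searchBooks(PDO $db, string $text): array
{
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $text);
    $stmt = $db->prepare("SELECT id, title FROM books WHERE title LIKE ? ESCAPE '!'");
    $stmt->execute(['%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed data and inputs standing in for request parameters.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE books (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO books VALUES (1, 'Dune'), (2, '100% Proof'), (3, 'Emma')");

print_r(booksByIds($db, ['1', '3']));
print_r(searchBooks($db, "100%' OR '1'='1")); // quotes stay inside the bound value
try {
    booksByIds($db, ['2', '2 OR 1=1']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Neither function depends on "magic_quotes_gpc", so the query is safe whether that setting is on or off.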

Joomla CKForms Component Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA40127

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40127/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40127

RELEASE DATE:
2010-06-30

DESCRIPTION:
Secunia Research has discovered some vulnerabilities in the CKForms
component for Joomla, which can be exploited by malicious people to
conduct SQL injection attacks and compromise a vulnerable system.

1) Input passed via the "articleid" parameter to index.php (when
"option" is set to "com_ckforms", "view" is set to "ckforms", "task"
is set to "send", and "id" is set to a valid form id) is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that "Save result" is enabled in
the form's configuration (disabled by default).

2) Input passed via the "sortd" parameter to index.php (when "option"
is set to "com_ckforms", "view" is set to "ckformsdata", "layout" is
set to "data", and "id" is set to "f") is not properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.

3) The "CkformsModelCkforms::saveData()" method in models/ckforms.php
allows uploading of files with arbitrary extensions to a folder inside
the web root. This can be exploited to execute arbitrary PHP code by
uploading a PHP file.

Successful exploitation requires the "fileupload" field to be
configured.

NOTE: The stored file name is based on the original file name and a
time stamp, which is predictable.

The vulnerabilities are confirmed in version 1.3.4. Other versions
may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.
Change the "Uploaded files path" setting to a directory outside of
the web root.

PROVIDED AND/OR DISCOVERED BY:
Secunia Research
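
One way to close item 3) when editing the source, as an added example that is not CKForms code: allow-list the extension, refuse a storage directory under the web root, and replace the original-name-plus-time-stamp file name with a random one. It assumes PHP 8; the function names, the allow-list and the paths are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not CKForms code; names, allow-list and paths are assumptions.

const ALLOWED_EXT = ['pdf', 'png', 'jpg', 'txt'];

/** True when $dir is the web root or below it (absolute, normalised paths expected). */
function insideWebRoot(string $dir, string $webRoot): bool
{
    return str_starts_with(rtrim($dir, '/') . '/', rtrim($webRoot, '/') . '/');
}

/** Decide where an upload may be stored, or throw. The client's file name is never reused. */
function targetPath(string $clientName, string $storageDir, string $webRoot): string
{
    if (insideWebRoot($storageDir, $webRoot)) {
        throw new RuntimeException('upload directory must be outside the web root');
    }
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new RuntimeException("extension not allowed: '$ext'");
    }
    // Random name rather than original name plus time stamp, so it cannot be predicted.
    return rtrim($storageDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Wiring for a real request: $file is one entry of $_FILES. */
function storeUpload(array $file, string $storageDir, string $webRoot): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $target = targetPath((string) $file['name'], $storageDir, $webRoot);
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store upload');
    }
    return $target;
}

// Constructed file names and placeholder paths; nothing is written to disk here.
foreach (['report.pdf', 'page.php', 'photo.PNG.php', 'notes'] as $name) {
    try {
        echo $name, ' -> ', targetPath($name, '/srv/uploads', '/var/www/html'), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $name, ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```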

Jamroom "post_id" Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA40259

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40259/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40259

RELEASE DATE:
2010-06-29

DESCRIPTION:
A vulnerability has been reported in Jamroom, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Input passed via the "post_id" parameter in forum.php is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in an administrative user's
browser session in context of an affected site.

The vulnerability is reported in versions prior to 4.1.9.

SOLUTION:
Update to version 4.1.9.

PROVIDED AND/OR DISCOVERED BY:
High-Tech Bridge SA

ORIGINAL ADVISORY:
Jamroom:
http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1756


Joomla DOCman Component File Disclosure Vulnerability

SECUNIA ADVISORY ID:
SA40291

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40291/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40291

RELEASE DATE:
2010-06-29

DESCRIPTION:
A vulnerability has been reported in the DOCman component for Joomla,
which can be exploited by malicious users to disclose potentially
sensitive information.

The vulnerability is caused by improper handling of the
document's metadata. This can be exploited to disclose the contents
of arbitrary files by changing certain metadata fields of a
document.

Successful exploitation requires the "upload" and "edit"
permissions.

The vulnerability is reported in versions 1.3.x, 1.4.0, and 1.5.x up
to 1.5.7.

SOLUTION:
Update to version 1.4.1 and 1.5.8.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
