SECUNIA ADVISORY ID:
SA39870

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/39870/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=39870

RELEASE DATE:
2010-05-21

DISCUSS ADVISORY:
http://secunia.com/advisories/39870/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA:
 * Last Update
 * Popularity
 * Comments
 * Criticality Level
 * Impact
 * Where
 * Solution Status
 * Operating System / Software
 * CVE Reference(s)

http://secunia.com/advisories/39870/

ONLY AVAILABLE IN CUSTOMER AREA:
 * Authentication Level
 * Report Reliability
 * Secunia PoC
 * Secunia Analysis
 * Systems Affected
 * Approve Distribution
 * Remediation Status
 * Secunia CVSS Score
 * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=39870

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
 * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION:
Valentin Hoebel has discovered a vulnerability in the ActiveHelper
LiveHelp component for Joomla, which can be exploited by malicious
people to conduct cross-site scripting attacks.

Input passed to the "DOMAINID" parameter in
administrator/components/com_activehelper_livehelp/server/cookies.php
is not properly sanitised before being returned to the user. This can
be exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

The vulnerability is confirmed in version 2.0.3. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Valentin Hoebel

ORIGINAL ADVISORY:
http://www.xenuser.org/2010/05/19/joomla-component-activehelper-livehelp-xss-vulnerabilities/

OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

SECUNIA ADVISORY ID:
SA39842

VERIFY ADVISORY:
http://secunia.com/advisories/39842/

DESCRIPTION:
High-Tech Bridge SA has discovered a vulnerability in the JComments
component for Joomla, which can be exploited by malicious users to
conduct script insertion attacks.

Input passed via the "name" parameter to administrator/index.php
(when "option" is set to "com_jcomments", "task" is set to "edit",
"hiddenmenu" is set to "1", and "cid" is set to a valid comment id)
when editing a comment is not properly sanitised before being used.
This can be exploited to insert arbitrary HTML and script code, which
will be executed in a user's browser session in context of an affected
site when the malicious data is being viewed.

Successful exploitation requires "Public Back-end" permissions.

The vulnerability is confirmed in version 2.1.0.0. Other versions may
also be affected.

SOLUTION:
Update to version 2.2.0.0 or later.

PROVIDED AND/OR DISCOVERED BY:
High-Tech Bridge SA

ORIGINAL ADVISORY:
HTB22368:
http://www.htbridge.ch/advisory/xss_vulnerability_in_jcomments_joomla.html

JComments:
http://www.joomlatune.com/jcomments-v.2.2-release-notes.html

SECUNIA ADVISORY ID:
SA39871

VERIFY ADVISORY:
http://secunia.com/advisories/39871/

DESCRIPTION:
A vulnerability has been reported in the SimpleDownload component for
Joomla, which can be exploited by malicious people to disclose
potentially sensitive information.

Input passed to the "controller" parameter in index.php (when
"option" is set to "com_simpledownload") is not properly verified
before being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal attacks
and URL-encoded NULL bytes.

The vulnerability is reported in version 0.9.5. Other versions may
also be affected.

SOLUTION:
Update to version 0.9.6 or later.

PROVIDED AND/OR DISCOVERED BY:
* Xr0b0t
* The vendor also credits Jerzy Patraszewski

ORIGINAL ADVISORY:
Xr0b0t:
http://www.exploit-db.com/exploits/12618

SimpleDownload:
http://joomla.joelrowley.com/
http://extensions.joomla.org/extensions/directory-a-documentation/downloads/10717

Joomla!? ได้ประกาศเวอร์ชันใหม่ออกมาแล้ว คือ Joomla 1.6 เบต้า (ดาวน์โหลดที่นี่)? หมายเหตุ: รุ่นเบต้านี้ยังไม่สามารถทำงานได้กับส่วนเสริมอื่นๆ? ไม่แนะนำให้ใช้ทำเว็บไซต์จริง?? ซึ่งออกมาเพื่อที่จะใช้สำหรับการทดลอง และประเมินผลเท่านั้น

รายละเอียดของรุ่นนี้ มีดังนี้

Joomla! 1.6 รุ่นเบต้า ? ระบบการจัดการเนื้อหาเว็บไซต์ที่เขียนด้วยภาษา PHP ที่เป็นที่นิยมของโลก และง่ายต่อการใช้สร้างเว็บไซต์และแอพพลิเคชันออนไลน์

New York, 17 พฤษภาคม 2010 ?? โครงงาน Joomla, ฟรี, ได้รับรางวัล PHP-Based? Content Management System ที่ผู้ใช้สามารถสร้าง เว็บไซต์และแอพพลิเคชันออนไลน์ที่มีประสิทธิภาพ ได้ประกาศรุ่นเบต้าของ Joomla 1.6 โดยได้ทำการออกแบบเพื่อให้การควบคุมจัดการ และการใช้งานเว็บไซต์ได้ดีขึ้น Joomla 1.6 จะให้ความหลากหลายของเครื่องมือใหม่ๆ ในการปรับปรุงการจัดการ และการเข้าใช้งานเว็บไซต์ ซึ่งมีส่วนของโครงสร้างการควบคุมการเข้าใช้งานที่ดีขึ้น (Content control) และมีการปรับปรุงต่างๆ โดยใช้ประสบการณ์ที่ผ่านมานำมาปรับปรุง

SECUNIA ADVISORY ID:
SA39832

VERIFY ADVISORY:
http://secunia.com/advisories/39832/

DESCRIPTION:
A vulnerability has been discovered in the JE Quotation Form
component for Joomla, which can be exploited by malicious people to
disclose potentially sensitive information.

Input passed to the "view" parameter in index.php (when "option" is
set to "com_jequoteform") is not properly verified before being used
to include files. This can be exploited to include arbitrary files
from local resources via directory traversal attacks and URL-encoded
NULL bytes.

The vulnerability is confirmed in version 1.0b1. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
altbta

SECUNIA ADVISORY ID:
SA39837

VERIFY ADVISORY:
http://secunia.com/advisories/39837/

DESCRIPTION:
Valentin Hoebel has reported two vulnerabilities in the JE Job
component for Joomla, which can be exploited by malicious people to
disclose potentially sensitive information and conduct SQL injection
attacks.

1) Input passed to the "view" parameter in index.php (when "option"
is set to "com_jejob") is not properly verified before being used to
include files. This can be exploited to include arbitrary files from
local resources via directory traversal attacks and URL-encoded NULL
bytes.

2) Input passed via the "catid" parameter to index.php (when "option"
is set to "com_jejob" and "view" is set to "item") is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in version 1.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified and
sanitised.

PROVIDED AND/OR DISCOVERED BY:
Valentin Hoebel

ORIGINAL ADVISORY:
http://www.xenuser.org/2010/05/14/joomla-component-je-job-local-file-inclusion-vulnerability/