Joomla! News

Joomla JE Ajax Event Calendar Component "view" File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA39836

VERIFY ADVISORY:
http://secunia.com/advisories/39836/

DESCRIPTION:
Valentin Hoebel has reported a vulnerability in the JE Ajax Event
Calendar component for Joomla, which can be exploited by malicious
people to disclose potentially sensitive information.

Input passed to the "view" parameter in index.php (when "option" is
set to "com_jeajaxeventcalendar") is not properly verified before
being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal attacks
and URL-encoded NULL bytes.

The vulnerability is reported in version 1.0.1. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
Valentin Hoebel

ORIGINAL ADVISORY:
http://www.xenuser.org/2010/05/14/joomla-component-je-ajax-event-calendar-local-file-inclusion-vulnerability/

Joomla 3D Users Cloud Module "tagcloud" Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA39829

VERIFY ADVISORY:
http://secunia.com/advisories/39829/

DESCRIPTION:
MustLive has reported a vulnerability in the 3D Users Cloud module
for Joomla, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Input passed via the "tagcloud" parameter to
modules/mod_usr3dcloud/tagcloud_rus.swf (when "mode" is set to
"tags") is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.

The vulnerability is reported in version 1.8. Other versions may also
be affected.

SOLUTION:
Filter malicious characters and character sequences using a proxy.

PROVIDED AND/OR DISCOVERED BY:
MustLive

ORIGINAL ADVISORY:
http://websecurity.com.ua/4198/

Joomla Dione Form Wizard Component "controller" File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA39755

VERIFY ADVISORY:
http://secunia.com/advisories/39755/

DESCRIPTION:
A vulnerability has been reported in the Dione Form Wizard component
for Joomla, which can be exploited by malicious people to disclose
potentially sensitive information.

Input passed to the "controller" parameter in index.php (when
"option" is set to "com_dioneformwizard") is not properly verified
before being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal attacks
and URL-encoded NULL bytes.

The vulnerability is reported in version 1.0.2. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.
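
The JE Ajax Event Calendar ("view") and Dione Form Wizard ("controller") advisories describe the same defect: a request parameter is turned into a file path and passed to include. The following PHP is an added example of the verification the SOLUTION sections call for; it is not code from either component. It assumes a component that keeps its views as files under a views/ directory and knows, in advance, the short list of view names it ships.

```php
<?php
// Added example (not the component's own code): resolve a request parameter
// such as "view" or "controller" to a file only through an explicit allow-list.
// Assumed layout: the component keeps its views under $baseDir/views/<name>.php.

/**
 * Return the absolute path of the file for $name, or null if $name is not an
 * allowed view. The path is never built from the raw parameter value.
 */
function resolve_include(string $baseDir, string $name, array $allowed): ?string
{
    // 1. Syntactic check: one short token of [A-Za-z0-9_] only. This rejects
    //    "../", "/", a raw NUL byte (what "%00" decodes to) and anything else
    //    that could change the meaning of the path.
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $name)) {
        return null;
    }
    // 2. Semantic check: the name must be one the component actually ships.
    //    strict=true avoids type-juggling surprises in the comparison.
    if (!in_array($name, $allowed, true)) {
        return null;
    }
    $path = $baseDir . '/views/' . $name . '.php';

    // 3. Defence in depth: after canonicalisation the file must still sit inside
    //    $baseDir/views. realpath() returns false for missing files or broken links.
    $real = realpath($path);
    $root = realpath($baseDir . '/views');
    if ($real === false || $root === false
        || strncmp($real, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demonstration using a temporary directory.
$base = sys_get_temp_dir() . '/lfi_demo_' . getmypid();
mkdir($base . '/views', 0700, true);
file_put_contents($base . '/views/calendar.php', "<?php echo 'calendar view', PHP_EOL;\n");

$allowed = ['calendar', 'event', 'list'];

$tests = [
    'calendar',
    'calendar.php',            // caller supplies the extension: rejected
    '../../configuration.php', // traversal: rejected by the character check
    "calendar\0",              // NUL byte: rejected by the character check
    'settings',                // well-formed but not on the allow-list: rejected
];
foreach ($tests as $t) {
    $r = resolve_include($base, $t, $allowed);
    printf("%-28s => %s\n", json_encode($t), $r === null ? 'REJECTED' : 'ok: ' . basename($r));
}

// Typical use inside the component entry point.
$view = isset($_GET['view']) ? (string) $_GET['view'] : 'calendar';
$file = resolve_include($base, $view, $allowed);
if ($file === null) {
    http_response_code(404); // never fall back to including the raw value
} else {
    include $file;
}

// Remove the demo files.
unlink($base . '/views/calendar.php');
rmdir($base . '/views');
rmdir($base);
```

The allow-list in step 2 is what actually closes the hole; the character filter and the realpath() check are there so that a future mistake in the list (or a symlink in the views directory) still cannot reach configuration.php. PHP itself has rejected NUL bytes in include paths since 5.3.4, but the check above does not depend on that.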

PROVIDED AND/OR DISCOVERED BY:
Chip D3 Bi0s

Joomla Konsultasi Component "sid" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA39816

VERIFY ADVISORY:
http://secunia.com/advisories/39816/

DESCRIPTION:
A vulnerability has been discovered in the Konsultasi component for
Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "sid" parameter to index.php (when "option" is
set to "com_konsultasi" and "act" is set to "detail") is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.0.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.
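
The advisory above concerns an id-style parameter ("sid") that reaches a SQL query as text. The PHP below is an added example of the sanitisation the SOLUTION line asks for, not code from the Konsultasi component; the table name "consultations" and its columns are a constructed schema, and an in-memory SQLite database stands in for the site's MySQL server so the snippet runs on its own (it needs the pdo_sqlite extension).

```php
<?php
// Added example (not the Konsultasi component's own code): read an integer id
// parameter such as "sid" and use it in a query without string concatenation.
// Assumed (constructed) schema: table "consultations" with an integer "id" column.

/**
 * Parse an id parameter strictly: decimal digits only, no leading zero,
 * positive and within 32-bit range. Anything else ("1 OR 1=1", "1;", "", " 1")
 * yields null, so the caller can answer with "not found" instead of querying.
 */
function parse_id($raw): ?int
{
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,9}$/', $raw)) {
        return null;
    }
    $n = (int) $raw;
    return $n <= 2147483647 ? $n : null;
}

/** Fetch one row by id via a bound parameter; the id never becomes SQL text. */
function fetch_detail(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM consultations WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database so the example runs stand-alone.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE consultations (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO consultations VALUES (1, 'first'), (2, 'second')");

// Constructed sample values standing in for $_GET['sid'].
$samples = ['2', '1 OR 1=1', "1' --", '', '007', '99999999999'];
foreach ($samples as $s) {
    $id  = parse_id($s);
    $row = $id === null ? null : fetch_detail($db, $id);
    printf("%-16s => %s\n", var_export($s, true),
        $row === null ? 'rejected / not found' : $row['title']);
}
```

Two layers are deliberate: parse_id() refuses anything that is not an integer, and the bound parameter guarantees that even a value that slipped through could not alter the query. In Joomla 1.5, where the database layer has no bound parameters, the equivalent is JRequest::getInt('sid') followed by an (int) cast at the point where the query string is built.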

PROVIDED AND/OR DISCOVERED BY:
c4uR

Joomla Camp26 VisitorData Module Shell Command Injection Vulnerability

SECUNIA ADVISORY ID:
SA39707

VERIFY ADVISORY:
http://secunia.com/advisories/39707/

DESCRIPTION:
A vulnerability has been discovered in the Camp26 VisitorData module
for Joomla, which can be exploited by malicious people to compromise
a vulnerable system.

Input passed via the "X-Forwarded-For" HTTP header is not properly
sanitised before being used as a command line argument in
tmpl/default.php. This can be exploited to inject arbitrary shell
commands.

The vulnerability is confirmed in version 1.1. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.
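
The defect in the VisitorData advisory is that a request header is handed to a shell as an argument. The PHP below is an added example of how a module can obtain a client address for a lookup without that happening; it is not the module's own code. The proxy address, the request arrays and the tool name "geoiplookup" are constructed for the example, and the snippet only builds the command string, it does not execute anything.

```php
<?php
// Added example (not the VisitorData module's own code): derive a client address
// for an external lookup without letting request headers reach a shell.

/**
 * Return a validated client IP. X-Forwarded-For is attacker-controlled unless
 * the request came from a proxy the site operates, so it is honoured only
 * when REMOTE_ADDR is one of $trustedProxies, and even then only if the first
 * entry is a syntactically valid IP address. Otherwise REMOTE_ADDR is used.
 */
function client_ip(array $server, array $trustedProxies): ?string
{
    $remote = $server['REMOTE_ADDR'] ?? null;
    if (!is_string($remote) || filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    if (in_array($remote, $trustedProxies, true) && isset($server['HTTP_X_FORWARDED_FOR'])) {
        // The header may read "client, proxy1, proxy2"; the first entry is the client.
        $first = trim(explode(',', (string) $server['HTTP_X_FORWARDED_FOR'])[0]);
        if (filter_var($first, FILTER_VALIDATE_IP) !== false) {
            return $first;
        }
        return null; // the trusted proxy sent something malformed: refuse, do not guess
    }
    return $remote;
}

/**
 * Build the lookup command. A validated IP cannot contain shell metacharacters,
 * and escapeshellarg() adds a second layer regardless. "geoiplookup" is an
 * assumed tool name for the example.
 */
function build_lookup_command(string $ip): string
{
    return 'geoiplookup ' . escapeshellarg($ip);
}

$trusted = ['10.0.0.5']; // constructed: the site's own reverse proxy

// Constructed request environments standing in for $_SERVER.
$requests = [
    ['REMOTE_ADDR' => '203.0.113.9'],                                              // direct client
    ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 10.0.0.5'], // via proxy
    ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7; extra'],    // metacharacter: rejected
    ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1'],           // not from a proxy: header ignored
];
foreach ($requests as $srv) {
    $ip = client_ip($srv, $trusted);
    echo ($ip === null ? 'rejected' : build_lookup_command($ip)), "\n";
}
```

The validation, not escapeshellarg(), is the primary control: a value that is provably an IP address has no shell meaning, and the lookup can also be done with a library call instead of a subprocess. Ignoring X-Forwarded-For from untrusted sources matters independently of the injection, since otherwise a visitor chooses which address gets logged.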

PROVIDED AND/OR DISCOVERED BY:
Chip D3 Bi0s

ORIGINAL ADVISORY:
http://elotrolad0.blogspot.com/2010/05/modvisitordata-joomla-remoce-code.html

Joomla! Table JX Component Two Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA39693

VERIFY ADVISORY:
http://secunia.com/advisories/39693/

DESCRIPTION:
Valentin Hoebel has reported some vulnerabilities in the Table JX
component for Joomla!, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Input passed via the "data_search" and "rpp" parameters to index.php
(when "option" is set to "com_grid" and "gid" is set) is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.

The vulnerabilities are reported in version 1.5. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.
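
For the Table JX advisory the fix is output encoding of "data_search" and validation of the numeric "rpp" value. The PHP below is an added example of both, not code from the component; the form markup and the sample inputs are constructed.

```php
<?php
// Added example (not Table JX's own code): echo request parameters such as
// "data_search" and "rpp" back into a page only through context-aware encoding.

/** Encode for an HTML text node or a double-quoted attribute value. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** "rpp" (rows per page) is numeric: validate it rather than encode it. */
function parse_rpp($raw, int $default = 20): int
{
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,2}$/', $raw)) {
        return $default;
    }
    return min((int) $raw, 500);
}

/** Render the search form with the previous query re-displayed safely. */
function render_search_form(string $search, int $rpp): string
{
    // The attribute value and the text node both go through h(); $rpp is an
    // integer produced by parse_rpp(), so interpolating it directly is safe.
    return '<form method="get">'
        . '<input type="hidden" name="option" value="com_grid">'
        . '<input type="text" name="data_search" value="' . h($search) . '">'
        . '<input type="text" name="rpp" value="' . $rpp . '">'
        . '<input type="submit" value="Search">'
        . '</form>'
        . '<p>Results for ' . h($search) . ' (' . $rpp . ' per page)</p>';
}

// Constructed inputs standing in for $_GET.
$cases = [
    ['data_search' => 'calendar',          'rpp' => '25'],
    ['data_search' => '"><b>bold</b>',     'rpp' => 'abc'],
    ['data_search' => "<i>it's</i> & more", 'rpp' => '-1'],
];
foreach ($cases as $get) {
    $search = isset($get['data_search']) ? (string) $get['data_search'] : '';
    echo render_search_form($search, parse_rpp($get['rpp'] ?? null)), "\n";
}
```

Encoding is applied at the point of output, once per context, rather than on the way in; a value that is later used in a JavaScript string or a URL would need a different encoder. The second and third cases show the closing quote and the tags arriving in the page as literal text instead of markup.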

PROVIDED AND/OR DISCOVERED BY:
Valentin Hoebel

ORIGINAL ADVISORY:
http://www.xenuser.org/documents/security/joomla_com_table_jx_xss.txt
