SECUNIA ADVISORY ID:
SA39829

VERIFY ADVISORY:
http://secunia.com/advisories/39829/

DESCRIPTION:
MustLive has reported a vulnerability in the 3D Users Cloud module
for Joomla, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Input passed via the "tagcloud" parameter to
modules/mod_usr3dcloud/tagcloud_rus.swf (when "mode" is set to
"tags") is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.

The vulnerability is reported in version 1.8. Other versions may also
be affected.

SOLUTION:
Filter malicious characters and character sequences using a proxy.

PROVIDED AND/OR DISCOVERED BY:
MustLive

ORIGINAL ADVISORY:
http://websecurity.com.ua/4198/

SECUNIA ADVISORY ID:
SA39755

VERIFY ADVISORY:
http://secunia.com/advisories/39755/

DESCRIPTION:
A vulnerability has been reported in the Dione Form Wizard component
for Joomla, which can be exploited by malicious people to disclose
potentially sensitive information.

Input passed to the "controller" parameter in index.php (when
"option" is set to "com_dioneformwizard") is not properly verified
before being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal attacks
and URL-encoded NULL bytes.

The vulnerability is reported in version 1.0.2. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
Chip D3 Bi0s

SECUNIA ADVISORY ID:
SA39816

VERIFY ADVISORY:
http://secunia.com/advisories/39816/

DESCRIPTION:
A vulnerability has been discovered in the Konsultasi component for
Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "sid" parameter to index.php (when "option" is
set to "com_konsultasi" and "act" is set to "detail") is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.0.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
c4uR

SECUNIA ADVISORY ID:
SA39707

VERIFY ADVISORY:
http://secunia.com/advisories/39707/

DESCRIPTION:
A vulnerability has been discovered in the Camp26 VisitorData module
for Joomla, which can be exploited by malicious people to compromise
a vulnerable system.

Input passed via the "X-Forwarded-For" HTTP header is not properly
sanitised before being used as a command line argument in
tmpl/default.php. This can be exploited to inject arbitrary shell
commands

The vulnerability is confirmed in version 1.1. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Chip D3 Bi0s

ORIGINAL ADVISORY:
http://elotrolad0.blogspot.com/2010/05/modvisitordata-joomla-remoce-code.html

SECUNIA ADVISORY ID:
SA39693

VERIFY ADVISORY:
http://secunia.com/advisories/39693/

DESCRIPTION:
Valentin Hoebel has reported some vulnerabilities in the Table JX
component for Joomla!, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Input passed via the "data_search" and "rpp" parameters to index.php
(when "option" is set to "com_grid" and "gid" is set) is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.

The vulnerabilities are reported in version 1.5. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Valentin Hoebel

ORIGINAL ADVISORY:
http://www.xenuser.org/documents/security/joomla_com_table_jx_xss.txt

SECUNIA ADVISORY ID:
SA39681

VERIFY ADVISORY:
http://secunia.com/advisories/39681/

DESCRIPTION:
Some vulnerabilities have been discovered in the DJ-Classifieds
component for Joomla!, which can be exploited by malicious users to
conduct script insertion attacks and compromise a vulnerable system.

1) Input passed via the "description" parameter to index.php (when
"option" is set to "com_djclassifieds" and "view" is set to
"additem") is not properly sanitised before being displayed to the
user. This can be exploited to insert arbitrary HTML and script code,
which will be executed in a user's browser session in context of an
affected site when the malicious data is being viewed.

2) A vulnerability is caused due to the application improperly
validating uploaded files. This can be exploited to execute arbitrary
PHP code by uploading a malicious PHP script with multiple
extensions.

Successful exploitation of this vulnerability requires that Apache is
not configured to handle the mime-type for files with an e.g. "pjpeg"
extension.

The vulnerabilities are confirmed in version 0.9.1. Other versions
may also be affected.

SOLUTION:
Grant only trusted users access to the affected component.

PROVIDED AND/OR DISCOVERED BY:
Sid3^effects