SECUNIA ADVISORY ID:
SA39533

VERIFY ADVISORY:
http://secunia.com/advisories/39533/

DESCRIPTION:
A vulnerability has been discovered in the MMS Blog component for
Joomla, which can be exploited by malicious people to disclose
potentially sensitive information.

Input passed to the "controller" parameter in index.php (when
"option" is set to "com_mmsblog") is not properly verified before
being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal attacks
and URL-encoded NULL bytes.

The vulnerability is confirmed in version 2.3.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
AntiSecurity

SECUNIA ADVISORY ID:
SA39546

VERIFY ADVISORY:
http://secunia.com/advisories/39546/

DESCRIPTION:
A vulnerability has been reported in the Media Mall Factory component
for Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "category" parameter to index.php (when "option"
is set to "com_mediamall") is not properly sanitised before being used
in a SQL query. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.

The vulnerability is reported in version 1.0.4. Other versions may
also be affected.

SOLUTION:
Update to version 1.0.5 or later.

PROVIDED AND/OR DISCOVERED BY:
AntiSecurity

ORIGINAL ADVISORY:
Media Mall Factory:
http://www.thefactory.ro/shop/joomla-components/media-mall.html

SECUNIA ADVISORY ID:
SA39553

VERIFY ADVISORY:
http://secunia.com/advisories/39553/

DESCRIPTION:
Some vulnerabilities have been reported in the AWDwall component for
Joomla!, which can be exploited by malicious people to disclose
sensitive information and conduct SQL injection attacks.

1) Input passed via the "cbuser" parameter to index.php (if "option"
is set to "com_awdwall" and "view" is set to "awdwall") is not
properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed via the "controller" parameter to index.php (if
"option" is set to "com_awdwall") is not properly verified before
being used to include files. This can be exploited to include
arbitrary file from local resources via directory traversal sequences
and URL-encoded NULL bytes.

The vulnerabilities are reported in versions prior to 1.5.5.

SOLUTION:
Update to version 1.5.5.

PROVIDED AND/OR DISCOVERED BY:
1) Jeff Channell
2) AntiSecurity

CHANGELOG:
AWDwall:
http://www.awdwall.com/index.php/awdwall-updates-logs-

Jeff Channell:
http://jeffchannell.com/Joomla/awd-wall-15-blind-sql-injection-vulnerability.html

SECUNIA ADVISORY ID:
SA39531

VERIFY ADVISORY:
http://secunia.com/advisories/39531/

DESCRIPTION:
A vulnerability has been discovered in the iNetLanka Multiple root
component for Joomla, which can be exploited by malicious people to
disclose potentially sensitive information.

Input passed to the "controller" parameter in index.php (when
"option" is set to "com_multiroot") is not properly verified before
being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal
sequences and URL-encoded NULL bytes.

The vulnerability is confirmed in version 1.1. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
AntiSecurity

SECUNIA ADVISORY ID:
SA39536

VERIFY ADVISORY:
http://secunia.com/advisories/39536/

DESCRIPTION:
Two vulnerabilities have been discovered in the Online News Paper
Manager component for Joomla, which can be exploited by malicious
people to conduct SQL injection attacks.

Input passed via the "cid" and "date_info" parameters to index.php
(when "option" is set to "com_jnewspaper") is not properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.

Successful exploitation via the "date_info" parameter requires that
"magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 1.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Don Tukulesto

SECUNIA ADVISORY ID:
SA39487

VERIFY ADVISORY:
http://secunia.com/advisories/39487/

DESCRIPTION:
A vulnerability has been discovered in the GBU Facebook component for
Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "face_id" parameter to index.php (when "option"
is set to "com_gbufacebook" and "task" is set to "show_face") is not
properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.0.5. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
kaMtiEz