DESCRIPTION: andresg888 has discovered a vulnerability in YJ Whois module for Joomla, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed in a HTTP POST request via the "domain" form field to index.php (when form field "top_com" is set to "on" and "submitBtn" is set to "Check") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerability is confirmed in version 1.0. Prior versions may also be affected.
DESCRIPTION: A security issue has been discovered in the Kide Shoutbox component for Joomla, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to improper authentication for posted messages. This can be exploited to bypass the "Only to registered users" configuration setting and post messages with an arbitrary user name via index.php (when "option" is set to "com_kide" and "task" is set to "insertar").
The vulnerability is confirmed in version 0.4.6. Other versions may also be vulnerable.
SOLUTION: Do not rely on the product's user restriction.
PROVIDED AND/OR DISCOVERED BY: An anonymous person
DESCRIPTION: Don Tukulesto has discovered a vulnerability in the Joaktree component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the "treeId" parameter to index.php (when "option" is set to "com_joaktree") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is confirmed in version 1.0. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
DESCRIPTION: kaMtiEz has discovered a vulnerability in the LyftenBloggie component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the "author" parameter to index.php (when "option" is set to "com_lyftenbloggie") is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is confirmed in version 1.0.4. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
ขอเชิญ เพื่อนๆ สมาชิกทุกท่าน ทั้งหน้าใหม่? หน้าเก่า ร่วมงาน Joomla! User Group Meeting ครั้งที่ 6? 
ส่วนประกอบเสริมประจำเดือนนี้ครับ เป็นโมดูลแสดงเนื้อหาข่าว rss จากเว็บไซต์ที่เราต้องการเอาข่าวมาแสดงบนหน้าเว็บของเรา โดยโมดูล My RSS Reader นี้ ทางทีมลายไทย ได้ทำการทดสอบการดึงข่าว rss มาจากเว็บ 
