DESCRIPTION: ManhLuat93 has discovered a vulnerability in the Jobline component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "search" parameter in components/com_jobline/jobline.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation requires that "magic_quotes_gpc" is disabled.
The vulnerability is confirmed in version 1.1.2.2. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
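The kind of source change the SOLUTION line calls for, as an added example that is not Jobline's own code: a concatenated search query beside a bound-parameter version. The jobs table, its columns, the function names and the probe string are all constructed for illustration (the advisory does not show the real query), and an in-memory SQLite database through PDO stands in for the site database.

```php
<?php
// Added example: constructed schema and data, not Jobline's tables or query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE jobs (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)");
$pdo->exec("INSERT INTO jobs (title, published) VALUES
    ('PHP developer', 1), ('Night auditor', 1), ('Unannounced role', 0)");

// Before: the request value is concatenated into the statement, so a quote
// inside it closes the string literal and the remainder is parsed as SQL.
// Only magic_quotes_gpc stood between the input and the query, which is why
// the advisory lists it as a precondition.
function search_unsafe(PDO $pdo, $search)
{
    $sql = "SELECT title FROM jobs WHERE published = 1 AND title LIKE '%" . $search . "%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the value travels as a bound parameter and never becomes SQL text.
// The LIKE wildcards % and _ are escaped as well, so the term matches literally.
function search_safe(PDO $pdo, $search)
{
    $term = '%' . addcslashes($search, '\\%_') . '%';
    $stmt = $pdo->prepare(
        "SELECT title FROM jobs WHERE published = 1 AND title LIKE :term ESCAPE '\\'"
    );
    $stmt->execute(array(':term' => $term));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed probe: a search term that contains a quote and SQL keywords.
$probe = "x' OR published = 0 OR title LIKE '";

echo "unsafe, probe:\n";
print_r(search_unsafe($pdo, $probe));  // the WHERE clause is rewritten by the input
echo "safe, probe:\n";
print_r(search_safe($pdo, $probe));    // the input is compared as a plain string
echo "safe, ordinary term:\n";
print_r(search_safe($pdo, 'audit'));   // normal searches keep working
```

Inside a Joomla! 1.5 component the same effect is normally obtained with the database object's own helpers, for example `$db->Quote('%' . $db->getEscaped($search, true) . '%', false)`, rather than with PDO.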
Joomla! Day is to be held in Bangkok on 22-23 Aug 2009. This is a special occasion for Joomla fans around the world to learn, share and connect.
JoomlArt has proposed, and the organizer of Joomla! Day 2009 has approved, a special sponsor programme so that we can join hands with you to support and raise funds for this fantastic event. And now! It is my pleasure to announce
To celebrate this occasion, for those who participate in the event, we are offering our 1 Year Developer membership (new or renew) with a 30% discount - that's a saving of up to US$150! And, not only that, but all sales will be donated to the organizers! So, enjoy a year long membership at JoomlArt AND support Joomla! Just sign up using the coupon code JABANGKOK to take part in this offer! Expires 22 Aug 2009.
To Joomla & JoomlArt lovers: why not grasp this chance to meet each other for knowledge exchange and better networking?
If you are not able to be there with us, don't worry! You can still help by spreading the word to your network via Twitter, IM or email.
DESCRIPTION: A security issue has been reported in the Acajoom GPL component for Joomla!, which can be exploited by malicious people to potentially compromise a vulnerable system.
The security issue is caused due to a backdoor in the application and can be exploited to potentially execute arbitrary PHP code.
The security issue is reported in versions downloaded between 2009-06-25 and 2009-06-28. Other versions may also be affected.
DESCRIPTION: Some vulnerabilities and a security issue have been reported in Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose system information.
1) Input passed via the "HTTP_REFERER" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) A security issue exists due to certain files missing the check for JEXEC, which can lead to the disclosure of path information.
The security issue and the vulnerabilities are reported in versions prior to 1.5.12.
SOLUTION: Update to version 1.5.12.
PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Juan Galiana Lara (Internet Security Auditors). 2) The vendor credits Paul Boekholt (Byte Internet).