SECUNIA ADVISORY ID:
SA32622

VERIFY ADVISORY:
http://secunia.com/advisories/32622/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
Joomla! 1.x
http://secunia.com/advisories/product/5788/

DESCRIPTION:
Some vulnerabilities have been reported in Joomla!, which can be
exploited by malicious users and potentially malicious people to
conduct script insertion attacks.

1) Unspecified input passed to the "com_content" component on article
submission is not properly sanitised before being used. This can be
exploited to insert arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when the malicious data is viewed.

Successful exploitation of this vulnerability requires "Author"
privileges or higher, and that no filtering options are set.

2) Unspecified input passed to the "title" and "description" in the
"com_weblinks" component on weblink submissions is not properly
sanitised before being used. This can be exploited to insert
arbitrary HTML and script code, which will be executed in a user's
browser session in context of an affected site when the malicious
data is viewed.

Successful exploitation requires access to the weblink submission
form.

The vulnerabilities are reported in version 1.5.7 and prior.

SOLUTION:
Update to version 1.5.8..

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Johan Janssens
2) Gergo Erdosi

ORIGINAL ADVISORY:
http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html
http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html

ทีมจูมล่าลายไทย ได้รีลีสต์ไฟล์ภาษาสำหรับใช้งานบนจูมล่า 1.5.8 แล้ว ซึ่งในแพคเกจของไฟล์ภาษา ได้ถูกสร้างออกมา 3 รูปแบบ ดังนี้

1. th-TH_Joomla_1.5.8_admin.zip เป็นไฟล์ภาษา ที่ใช้สำหรับนำไปใช้แสดงการใช้งานเฉพาะด้านผู้ดูแลเท่านั้น
2. th-TH_Joomla_1.5.8_SiteWJdateTH.zip เป็นไฟล์ภาษา ที่ใช้สำหรับเฉพาะด้านหน้าเว็บเท่านั้น โดยมีการแสดงวัน เดือน ปี พ.ศ. เป็นภาษาไทย (JDate) จะทำงานได้เมื่อไม่มีการติดตั้งภาษาไทยในผู้ดูแล
3. th-TH_Joomla_1.5.8_site_admin.zip เป็นไฟล์ภาษา ที่ใช้สำหรับการแสดงผลภาษาไทย ทั้งในด้านผู้ดูแล และด้านหน้าเว็บ โดยด้านหน้า จะแสดงวัน เดือน ปี แบบปกติ

SECUNIA ADVISORY ID:
SA32551

VERIFY ADVISORY:
http://secunia.com/advisories/32551/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
Dada Mail Manager 2.x (component for Joomla)
http://secunia.com/advisories/product/20413/

DESCRIPTION:
NoGe has discovered a vulnerability in the Dada Mail Manager
component for Joomla, which can be exploited by malicious people to
compromise a vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter in
administrator/components/com_dadamail/config.dadamail.php is not
properly verified before being used to include files. This can be
exploited to include arbitrary files from local or external
resources.

This vulnerability is confirmed in Dada Mail Manager version 2.6.
Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
NoGe

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/7002

SECUNIA ADVISORY ID:
SA32523

VERIFY ADVISORY:
http://secunia.com/advisories/32523/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, Exposure of sensitive information

WHERE:
>From remote

SOFTWARE:
Pro Desk 1.x (component for Joomla)
http://secunia.com/advisories/product/20406/

DESCRIPTION:
d3v1l has reported a vulnerability in the Pro Desk component for
Joomla, which can be exploited by malicious people to disclose
sensitive information.

Input passed to the "include_file" parameter in index.php (when
"option" is set to "com_pro_desk") is not properly verified before
being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal
attacks.

This vulnerability is reported in versions 1.0 and 1.2. Other
versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
d3v1l

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6980

SECUNIA ADVISORY ID:
SA32533

VERIFY ADVISORY:
http://secunia.com/advisories/32533/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
VirtueMart Google Base 1.x (component for Joomla)
http://secunia.com/advisories/product/20405/

DESCRIPTION:
NoGe has discovered a vulnerability in the VirtueMart Google Base
component for Joomla, which can be exploited by malicious people to
compromise a vulnerable system

Input passed to the "mosConfig_absolute_path" parameter in
administrator/components/com_googlebase/admin.googlebase.php is not
properly verified before being used to include files. This can be
exploited to include arbitrary files from local or external
resources.

This vulnerability is confirmed in VirtueMart Google Base version
1.3. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
NoGe

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6975

SECUNIA ADVISORY ID:
SA32520

VERIFY ADVISORY:
http://secunia.com/advisories/32520/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
Flash Tree Gallery 1.x (component for Joomla!)
http://secunia.com/advisories/product/20313/

DESCRIPTION:
NoGe has reported a vulnerability in the Flash Tree Gallery component
for Joomla!, which can be exploited by malicious people to compromise
a vulnerable system.

Input passed to the "mosConfig_live_site" parameter in
administrator/components/com_treeg/admin.treeg.php is not properly
verified before being used to include files. This can be exploited to
include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is reported in version 1.0. Other versions may also
be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
NoGe

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6928