Joomla! News

Thai Language for Joomla 1.5.8 released

Joomla! Accredited Translation: the Joomla LaiThai team has released the language files for Joomla 1.5.8. The language file package has been built in 3 forms, as follows:

1. th-TH_Joomla_1.5.8_admin.zip is the language file for displaying Thai on the administrator side only.
2. th-TH_Joomla_1.5.8_SiteWJdateTH.zip is the language file for the site front end only. It displays the day, month and Buddhist Era (B.E.) year in Thai (JDate), and works when the Thai language is not installed on the administrator side.
3. th-TH_Joomla_1.5.8_site_admin.zip is the language file for displaying Thai on both the administrator side and the site front end. The front end shows the day, month and year in the normal format.

Joomla Dada Mail Manager Component "mosConfig_absolute_path" File Inclusion

SECUNIA ADVISORY ID:
SA32551

VERIFY ADVISORY:
http://secunia.com/advisories/32551/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Dada Mail Manager 2.x (component for Joomla)
http://secunia.com/advisories/product/20413/

DESCRIPTION:
NoGe has discovered a vulnerability in the Dada Mail Manager
component for Joomla, which can be exploited by malicious people to
compromise a vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter in
administrator/components/com_dadamail/config.dadamail.php is not
properly verified before being used to include files. This can be
exploited to include arbitrary files from local or external
resources.

This vulnerability is confirmed in Dada Mail Manager version 2.6.
Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
NoGe

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/7002

Joomla Pro Desk Component "include_file" Local File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA32523

VERIFY ADVISORY:
http://secunia.com/advisories/32523/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
Pro Desk 1.x (component for Joomla)
http://secunia.com/advisories/product/20406/

DESCRIPTION:
d3v1l has reported a vulnerability in the Pro Desk component for
Joomla, which can be exploited by malicious people to disclose
sensitive information.

Input passed to the "include_file" parameter in index.php (when
"option" is set to "com_pro_desk") is not properly verified before
being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal
attacks.

This vulnerability is reported in versions 1.0 and 1.2. Other
versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
d3v1l

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6980

Joomla VirtueMart Google Base Component "mosConfig_absolute_path" File Inclusion

SECUNIA ADVISORY ID:
SA32533

VERIFY ADVISORY:
http://secunia.com/advisories/32533/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
VirtueMart Google Base 1.x (component for Joomla)
http://secunia.com/advisories/product/20405/

DESCRIPTION:
NoGe has discovered a vulnerability in the VirtueMart Google Base
component for Joomla, which can be exploited by malicious people to
compromise a vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter in
administrator/components/com_googlebase/admin.googlebase.php is not
properly verified before being used to include files. This can be
exploited to include arbitrary files from local or external
resources.

This vulnerability is confirmed in VirtueMart Google Base version
1.3. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
NoGe

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6975

Joomla Flash Tree Gallery Component "mosConfig_live_site" File Inclusion

SECUNIA ADVISORY ID:
SA32520

VERIFY ADVISORY:
http://secunia.com/advisories/32520/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Flash Tree Gallery 1.x (component for Joomla!)
http://secunia.com/advisories/product/20313/

DESCRIPTION:
NoGe has reported a vulnerability in the Flash Tree Gallery component
for Joomla!, which can be exploited by malicious people to compromise
a vulnerable system.

Input passed to the "mosConfig_live_site" parameter in
administrator/components/com_treeg/admin.treeg.php is not properly
verified before being used to include files. This can be exploited to
include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is reported in version 1.0. Other versions may also
be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
NoGe

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6928
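
In the three "mosConfig_*" advisories above, a request parameter ends up as part of an include path. The PHP below is an added example of what "properly verified" can look like; it is not code from Secunia or from any of the components, and the function names and the $PROTECTED list are assumptions made for illustration.

```php
<?php
// Added example: helper names are hypothetical, not taken from the components above.

// Names that only the CMS configuration file should ever set.
$PROTECTED = array('mosConfig_absolute_path', 'mosConfig_live_site');

// Return the protected names present in request data. With register_globals
// enabled (the setting was removed in PHP 5.4), request parameters become
// global variables, so these names could otherwise be set by the client.
function injected_config_names(array $protected, array $sources)
{
    $found = array();
    foreach ($sources as $source) {
        foreach ($protected as $name) {
            if (array_key_exists($name, $source)) {
                $found[$name] = true;
            }
        }
    }
    return array_keys($found);
}

// Guard to call first in every file under administrator/components/.
function require_cms_context(array $protected)
{
    // _VALID_MOS (Joomla 1.0) or _JEXEC (Joomla 1.5) is defined by the CMS
    // entry script, so a file requested on its own stops here.
    if (!defined('_VALID_MOS') && !defined('_JEXEC')) {
        header('HTTP/1.0 403 Forbidden');
        exit('Restricted access');
    }
    $hits = injected_config_names($protected, array($_GET, $_POST, $_COOKIE));
    if ($hits) {
        header('HTTP/1.0 400 Bad Request');
        exit('Illegal variable: ' . implode(', ', $hits));
    }
}

// Build include paths from this file's own location, never from a global.
function component_file($relative)
{
    return dirname(__FILE__) . DIRECTORY_SEPARATOR . $relative;
}

// Constructed request data for demonstration only.
$sample = array('option' => 'com_example', 'mosConfig_absolute_path' => 'placeholder');
print_r(injected_config_names($PROTECTED, array($sample)));
```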

Joomla RWCards Component "img" File Disclosure

SECUNIA ADVISORY ID:
SA32367

VERIFY ADVISORY:
http://secunia.com/advisories/32367/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
RWCards 3.x (component for Joomla)
http://secunia.com/advisories/product/20228/

DESCRIPTION:
Vrs-hCk has discovered a vulnerability in the RWCards component for
Joomla!, which can be exploited by malicious people to disclose
sensitive information.

Input passed to the "img" parameter in captcha/captcha_image.php is
not properly sanitised before being used. This can be exploited to
display arbitrary files via directory traversal attacks and
URL-encoded NULL bytes.

Successful exploitation requires that "magic_quotes_gpc" is
disabled.

The vulnerability is confirmed in version 3.0.11. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Vrs-hCk

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6817
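
The Pro Desk ("include_file") and RWCards ("img") advisories both describe a request-supplied file name reaching a filesystem call, with directory traversal and, for RWCards, NULL bytes. The PHP below is an added example of a containment check for that case; it is not the components' code, and the function name, directory layout and extension list are assumptions.

```php
<?php
// Added example: names and directory layout are assumptions, not the components' code.

// Map a request-supplied file name to a path inside $baseDir, or return false.
function resolve_inside($baseDir, $name, array $allowedExt)
{
    // NUL bytes cut a path short in older PHP versions; magic_quotes_gpc,
    // where enabled, escaped them before the script saw them.
    if (!is_string($name) || $name === '' || strpos($name, "\0") !== false) {
        return false;
    }
    // Accept a bare file name only: no separators and no dot-dot sequence.
    if (strpos($name, '/') !== false || strpos($name, '\\') !== false
        || strpos($name, '..') !== false) {
        return false;
    }
    // Extension allow-list, compared case-insensitively.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return false;
    }
    // Canonicalise (this resolves symlinks) and confirm containment.
    $base = realpath($baseDir);
    if ($base === false) {
        return false;
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($full === false || !is_file($full)) {
        return false;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : false;
}

// Constructed demonstration: a scratch directory holding one image file.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cards_demo_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'card1.png', 'x');
$inputs = array('card1.png', '../card1.png', "card1.png\0.php", 'card1.php', 'none.png');
foreach ($inputs as $in) {
    $ok = resolve_inside($base, $in, array('png', 'jpg', 'gif'));
    echo json_encode($in), ' => ', ($ok === false ? 'rejected' : 'accepted'), "\n";
}
unlink($base . DIRECTORY_SEPARATOR . 'card1.png');
rmdir($base);
```

For the "include_file" case, a fixed map from short keys to file names is stricter still, since no request string ever reaches the filesystem call.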