SECUNIA ADVISORY ID:
SA32367

VERIFY ADVISORY:
http://secunia.com/advisories/32367/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, Exposure of sensitive information

WHERE:
>From remote

SOFTWARE:
RWCards 3.x (component for Joomla)
http://secunia.com/advisories/product/20228/

DESCRIPTION:
Vrs-hCk has discovered a vulnerability in the RWCards component for
Joomla!, which can be exploited by malicious people to disclose
sensitive information.

Input passed to the "img" parameter in captcha/captcha_image.php is
not properly sanitised before being used. This can be exploited to
display arbitrary files via directory traversal attacks and
URL-encoded NULL bytes.

Successful exploitation requires that "magic_quotes_gpc" is
disabled.

The vulnerability is confirmed in version 3.0.11. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Vrs-hCk

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6817

SECUNIA ADVISORY ID:
SA32381

VERIFY ADVISORY:
http://secunia.com/advisories/32381/

CRITICAL:
Less critical

IMPACT:
Exposure of system information

WHERE:
>From remote

SOFTWARE:
Archaic Binary 1.x (component for Joomla)
http://secunia.com/advisories/product/20238/

DESCRIPTION:
H!tm@N has discovered a vulnerability in the Archaic Binary component
for Joomla, which can be exploited by malicious people to disclose
system information.

Input passed to the "gallery" parameter in index.php (when "option"
is set to "com_ab_gallery") is not properly sanitised before being
used. This can be exploited to display the contents of directories
via directory traversal attacks.

This vulnerability is confirmed in version 1.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
H!tm@N

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6826

SECUNIA ADVISORY ID:
SA32365

VERIFY ADVISORY:
http://secunia.com/advisories/32365/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
>From remote

SOFTWARE:
KBase 1.x (component for Joomla)
http://secunia.com/advisories/product/20234/

DESCRIPTION:
H!tm@N has discovered a vulnerability in the KBase component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed to the "id" parameter in the Joomla! installation's
index.php script (when "option" is set to "com_kbase" and "view" to
"article") is not properly sanitised before being used in SQL
queries. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

The vulnerability is confirmed in version 1.2. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
H!tm@N

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6827

SECUNIA ADVISORY ID:
SA32377

VERIFY ADVISORY:
http://secunia.com/advisories/32377/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, Exposure of sensitive information

WHERE:
>From remote

SOFTWARE:
ionFiles 4.x (component for Joomla)
http://secunia.com/advisories/product/20215/

DESCRIPTION:
Vrs-hCk has discovered a vulnerability in the ionFiles component for
Joomla!, which can be exploited by malicious people to disclose
sensitive information.

Input passed to the "file" parameter in download.php (when "download"
is set to "1") is not properly sanitised before being used. This can
be exploited to download arbitrary files via directory traversal
attacks.

The vulnerability is confirmed in version 4.4.2. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Vrs-hCk

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6809

SECUNIA ADVISORY ID:
SA32321

VERIFY ADVISORY:
http://secunia.com/advisories/32321/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
>From remote

SOFTWARE:
DS-Syndicate 1.x (component for Joomla)
http://secunia.com/advisories/product/20188/

DESCRIPTION:
boom3rang has discovered a vulnerability in the DS-Syndicate
component for Joomla!, which can be exploited by malicious people to
conduct SQL injection attacks.

Input passed to the "feed_id" parameter in the Joomla! installation's
index.php script (when "option" is set to "ds-syndicate" and "version"
to "1") is not properly sanitised before being used in SQL queries.
This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

The vulnerability is confirmed in version 1.1.1. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
boom3rang

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6792

SECUNIA ADVISORY ID:
SA32235

VERIFY ADVISORY:
http://secunia.com/advisories/32235/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data, Exposure of sensitive information

WHERE:
>From remote

SOFTWARE:
OwnBiblio 1.x (component for Joomla)
http://secunia.com/advisories/product/20132/

DESCRIPTION:
H!tm@N has discovered a vulnerability in the OwnBiblio component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed to the "catid" parameter in the Joomla! installation's
index.php script (when "option" is set to "com_ownbiblio" and "view"
to "catalogue") is not properly sanitised before being used in SQL
queries. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

Successful exploitation allows e.g. retrieval of administrator
usernames and password hashes, but requires knowledge of the database
table prefix.

The vulnerability is confirmed in version 1.5.3 (1.5_fixed). Other
versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
H!tm@N

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6730