SECUNIA ADVISORY ID:
SA25698

VERIFY ADVISORY:
http://secunia.com/advisories/25698/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
>From remote

SOFTWARE:
VirtueMart 1.x
http://secunia.com/product/11832/

DESCRIPTION:
A vulnerability has been reported in VirtueMart, which can be
exploited by malicious people to conduct SQL injection attacks.

Input passed to unspecified parameters is not properly sanitised
before being used in SQL queries. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in versions prior to 1.0.11.

SOLUTION:
Update to version 1.0.11.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://virtuemart.net/index.php?option=com_content&task=view&id=250&Itemid=57
http://sourceforge.net/project/shownotes.php?release_id=516206

SECUNIA ADVISORY ID:
SA24675

VERIFY ADVISORY:
http://secunia.com/advisories/24675/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
>From remote

SOFTWARE:
D4J eZine (Component for Joomla) 2.x
http://secunia.com/product/13798/

DESCRIPTION:
ajann has reported a vulnerability in D4J eZine, which can be
exploited by malicious people to conduct SQL injection attacks.

Input passed to the "article" parameter to the com_ezine component is
not properly sanitised before being used in SQL queries. This can be
exploited by malicious people to manipulate SQL queries by injecting
arbitrary SQL code.

The vulnerability is reported in version 2.8. Other versions may also
be affected.

SOLUTION:
Filter malicious input (e.g. using mod_security).

PROVIDED AND/OR DISCOVERED BY:
ajann

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/3590

SECUNIA ADVISORY ID:
SA24399

VERIFY ADVISORY:
http://secunia.com/advisories/24399/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
VirtueMart 1.x
http://secunia.com/product/11832/

DESCRIPTION:
Some vulnerabilities have been reported in VirtueMart, which can be
exploited by malicious people to conduct cross-site scripting
attacks.

Input passed to unspecified parameters within ps_cart.php and
virtuemart_parser.php is not properly sanitised before being returned
to the user. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an affected
site.

The vulnerabilities are reported in versions prior to 1.0.10.

SOLUTION:
Update to version 1.0.10.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sourceforge.net/project/shownotes.php?release_id=490831

SECUNIA ADVISORY ID:
SA24058

VERIFY ADVISORY:
http://secunia.com/advisories/24058/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, Manipulation of data

WHERE:
>From remote

SOFTWARE:
VirtueMart 1.x
http://secunia.com/product/11832/

DESCRIPTION:
Omid has reported some vulnerabilities in VirtueMart, which can be
exploited by malicious people to conduct SQL injection attacks and
cross-site scripting attacks.

1) Input passed to unspecified parameters is not properly sanitised
before being used in SQL queries. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.

2) Input passed to unspecified parameters is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.

The vulnerabilities are reported in version 1.0.7. Prior versions may
also be affected.

SOLUTION:
Update to version 1.0.8.

PROVIDED AND/OR DISCOVERED BY:
Omid

ORIGINAL ADVISORY:
http://sourceforge.net/forum/forum.php?forum_id=647996

SECUNIA ADVISORY ID:
SA23563

VERIFY ADVISORY:
http://secunia.com/advisories/23563/

CRITICAL:
Less critical

IMPACT:
Unknown, Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
Joomla! 1.x
http://secunia.com/product/5788/

DESCRIPTION:
Some vulnerabilities have been reported in Joomla!, where some have
unknown impacts and one can be exploited by malicious people to
conduct cross-site scripting attacks.

1) Input passed to an unspecified parameter is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.

2) The vulnerabilities are caused due to unspecified errors in
Joomla!. The vendor describes them as "several low level security
issues". No further information is currently available.

The vulnerabilities are reported in version 1.0.11. Prior versions
may also be affected.

SOLUTION:
Update to version 1.0.12.

PROVIDED AND/OR DISCOVERED BY:
1) Fukumori
2) Reported by the vendor.

ORIGINAL ADVISORY:
1) http://jvn.jp/jp/JVN%2345006961/index.html
2) http://www.joomla.org/content/view/2446/1/

SECUNIA ADVISORY ID:
SA23160

VERIFY ADVISORY:
http://secunia.com/advisories/23160/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, Exposure of sensitive information

WHERE:
>From remote

SOFTWARE:
JCE Admin Component 1.x (component for Joomla)
http://secunia.com/product/12839/

DESCRIPTION:
Gummiente has discovered some vulnerabilities in the JCE Admin
component for Joomla, which can be exploited by malicious people to
conduct cross-site scripting attacks and disclose sensitive
information.

1) Input passed to the "img", "title", "w", and "h" parameters within
jce.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.

2) Input passed to the "plugin" and "file" parameters within jce.php
is not properly verified before being used to include files. This can
be exploited to include arbitrary files from local resources.

The vulnerabilities are confirmed in version 1.0.4 with Security
Patch (2006-08-21). Other versions  may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.

PROVIDED AND/OR DISCOVERED BY:
Gummiente