SECUNIA ADVISORY ID:
SA22142

VERIFY ADVISORY:
http://secunia.com/advisories/22142/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, Manipulation of data

WHERE:
>From remote

SOFTWARE:
BSQ Sitestats 2.x (component for Joomla)
http://secunia.com/product/12257/
BSQ Sitestats 1.x (component for Joomla)
http://secunia.com/product/11854/

DESCRIPTION:
Secunia Research has discovered some vulnerabilities in the BSQ
Sitestats component for Joomla, which can be exploited by malicious
people to conduct script insertion or SQL injection attacks.

1) Input passed via the "HTTP Referer" Header is not properly
sanitised before being used. This can be exploited to insert
arbitrary HTML and script code, which is executed in an
administrative user's browser session in context of an affected site
when the site statistics are viewed.

2) Input passed via the URI string is not properly sanitised before
being used in SQL queries. This can be exploited to manipulate SQL
queries by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is
disabled.

The vulnerabilities are confirmed in version 1.8.0 and 2.2.1. Other
versions may also be affected.

SOLUTION:
The vulnerabilities have been fixed in version 2.2.2.

PROVIDED AND/OR DISCOVERED BY:
Sven Krewitt, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2006-65/

SECUNIA ADVISORY ID:
SA22162

VERIFY ADVISORY:
http://secunia.com/advisories/22162/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
VirtueMart Joomla! eCommerce Edition 1.x
http://secunia.com/product/12169/

DESCRIPTION:
Adrian Castro has discovered a vulnerability in VirtueMart Joomla!
eCommerce Edition, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Input passed to the "Itemid" parameter in index.php isn't properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.

Example:
http://[host]/index.php?option=com_contact&Itemid=[code]

The vulnerability has been confirmed in version 1.0.11. Other
versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Adrian Castro

SECUNIA ADVISORY ID:
SA21859

VERIFY ADVISORY:
http://secunia.com/advisories/21859/

CRITICAL:
Highly critical

IMPACT:
Cross Site Scripting, Manipulation of data, System access

WHERE:
>From remote

SOFTWARE:
BSQ Sitestats 1.x (component for Joomla)
http://secunia.com/product/11854/

DESCRIPTION:
Secunia Research has discovered some vulnerabilities in the BSQ
Sitestats component for Joomla, which can be exploited by malicious
people to conduct cross-site scripting and SQL injection attacks, and
to compromise a vulnerable system.

1) Input passed to the "ip" form field parameter when performing an
IP Address Lookup is not properly sanitised before being returned to
the user. This can be exploited to execute arbitrary HTML and script
code in a logged in administrator's browser session in context of an
affected site.

2) Input passed to multiple parameters when importing the
ip-to-country.csv file is not properly sanitised before being used in
a SQL query. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code when an administrator is tricked into
importing a malicious ip-to-country.csv file.

3) Input passed via the "HTTP Referer", the "HTTP User Agent", and
the "HTTP Accept Language" Header in bsqtemplateinc.php is not
properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is
disabled.

4) Input passed to the "baseDir" parameter in
components/com_bsq_sitestats/external/rssfeeds.php is not properly
verified before being used to include files. This can be exploited to
execute arbitrary PHP code by including files from local or external
resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerabilities have been confirmed in version 1.8.0. Other
versions may also be affected.

SOLUTION:
Update to version 2.2.1.

PROVIDED AND/OR DISCOVERED BY:
Sven Krewitt, Secunia Research.

ORIGINAL ADVISORY:
http://secunia.com/secunia_research/2006-63/

SECUNIA ADVISORY ID:
SA22125

VERIFY ADVISORY:
http://secunia.com/advisories/22125/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
FacileForms 1.x
http://secunia.com/product/11829/

DESCRIPTION:
A vulnerability has been reported in FacileForms, which can be
exploited by malicious people to conduct cross-site scripting
attacks.

Input passed to an unspecified parameter is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.

Successful exploitation requires that the "register_globals" setting
of PHP or the "RG_EMULATION" setting of Joomla/Mambo is enabled.

SOLUTION:
Update to version 1.4.7 or apply patch.
http://www.facileforms.biz/component/option,com_docman/task,cat_view/gid,89/Itemid,96/

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.facileforms.biz/content/view/108/140/

SECUNIA ADVISORY ID:
SA21666

VERIFY ADVISORY:
http://secunia.com/advisories/21666/

CRITICAL:
Moderately critical

IMPACT:
Unknown, Security Bypass, Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
Joomla! 1.x
http://secunia.com/product/5788/

DESCRIPTION:
Some vulnerabilities have been reported in Joomla!, where some have
unknown impacts, and others can be exploited by malicious people to
conduct cross-site scripting attacks and bypass certain security
restrictions.

1) Some input validation errors exists in the "mosMail()" and
"JosIsValidEmail()" functions.

2) An unspecified error exists in PEAR.php.

3) An unspecified error exists due to globals.php not being included
in administrator/index.php.

4) Insufficient access control checks exists due to missing defined(
'_VALID_MOS' ) checks and certain errors in the Admin "Upload Image",
Admin "Popups",  and "com_content"  functionalities.

5) Certain unspecified errors in the "do_pdf" functionality and in
the handling of the emailform com_content task can be exploited to
bypass the user authentication process.

6) Some unspecified input passed via the Admin "Module Manager",
Admin "Help", and Search functionalities isn't properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.
 
Some other security related issues have also been reported.

The vulnerabilities have been reported in versions prior to 1.0.11.

SOLUTION:
Update to version 1.0.11.
http://forge.joomla.org/sf/frs/do/viewRelease/projects.joomla/frs.joomla_1_0.1_0_11

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.joomla.org/content/view/1843/74/

SECUNIA ADVISORY ID:
SA21665

VERIFY ADVISORY:
http://secunia.com/advisories/21665/

CRITICAL:
Less critical

IMPACT:
Manipulation of data

WHERE:
>From remote

SOFTWARE:
Joomla! 1.x
http://secunia.com/product/5788/

DESCRIPTION:
A vulnerability has been discovered in Joomla!, which can be
exploited by malicious users to conduct SQL injection attacks.

For more information:
SA21644

The vulnerability has been confirmed in version 1.0.10. Other
versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

Grant only trusted users "Editor" privileges.

OTHER REFERENCES:
SA21644:
http://secunia.com/advisories/21644/