SECUNIA ADVISORY ID:
SA21636

VERIFY ADVISORY:
http://secunia.com/advisories/21636/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
Community Builder 1.x (component for Joomla)
http://secunia.com/product/11706/

DESCRIPTION:
Matdhule has reported a vulnerability in the Community Builder
component for Joomla, which can be exploited by malicious people to
compromise a vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter in
administrator/components/com_comprofiler/plugin.class.php isn't
properly verified, before it is used to include files. This can be
exploited to include arbitrary files from external and local
resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been reported in versions 1.0 RC 2 and 1.0.
Prior versions may also be affected.

SOLUTION:
Update to version 1.0.1.
http://www.joomlapolis.com/component/option,com_docman/task,cat_view/gid,46/Itemid,36/

PROVIDED AND/OR DISCOVERED BY:
Matdhule

SECUNIA ADVISORY ID:
SA21545

VERIFY ADVISORY:
http://secunia.com/advisories/21545/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
JIM 1.x (component for Joomla)
http://secunia.com/product/11574/

DESCRIPTION:
XORON has discovered a vulnerability in the JIM component for Joomla,
which can be exploited by malicious people to compromise a vulnerable
system.

Input passed to the "mosConfig_absolute_path" parameter in
components/com_jim/install.jim.php is not properly verified, before
it is used to include files. This can be exploited to include
arbitrary files from external and local resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been confirmed in version 1.0.1. Other versions
may also be affected.

SOLUTION:
Edit the source code to ensure that the input is properly verified.

Set "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY:
XORON

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2203

SECUNIA ADVISORY ID:
SA21495

VERIFY ADVISORY:
http://secunia.com/advisories/21495/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
Webring 1.x (component for Joomla)
http://secunia.com/product/11410/

DESCRIPTION:
xoron has discovered a vulnerability in the Webring component for
Joomla, which can be exploited by malicious people to compromise a
vulnerable system.

Input passed to the "component_dir" parameter in
administrator/components/com_webring/admin.webring.docs.php isn't
properly verified, before it is used to include files. This can be
exploited to include arbitrary files from external and local
resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been confirmed in version 1.0. Other versions
may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

Set "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY:
xoron

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2177

SECUNIA ADVISORY ID:
SA21389

VERIFY ADVISORY:
http://secunia.com/advisories/21389/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
JD-Wiki 1.x (component for Joomla)
http://secunia.com/product/11256/

DESCRIPTION:
jank0 has reported a vulnerability in the JD-Wiki component for
Joomla, which can be exploited by malicious people to compromise a
vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter in
components/com_jd-wiki/lib/tpl/default/main.php isn't properly
verified, before it is used to include files. This can be exploited
to include arbitrary files from external and local resources.

Successful exploitation requires that "register_globals" is enabled.

SOLUTION:
Update to version 1.0.3:
http://forge.joomla.org/sf/frs/do/downloadFile/projects.joomladeveloping/frs.joomla_1_0_x.components/frs6415?dl=1

PROVIDED AND/OR DISCOVERED BY:
jank0

ORIGINAL ADVISORY:
http://www.joomladeveloping.org/component/option,com_jd-wp/Itemid,29/p,33/
http://milw0rm.com/exploits/2125

SECUNIA ADVISORY ID:
SA21260

VERIFY ADVISORY:
http://secunia.com/advisories/21260/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
Security Images 3.x (component for Joomla)
http://secunia.com/product/11186/

DESCRIPTION:
Drago84 has discovered some vulnerabilities in the Security Images
component for Joomla, which can be exploited by malicious people to
compromise a vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter is not
properly verified before being used to include files. This can be
exploited to execute arbitrary PHP code by including files from local
or external resources.

Affected files:
administrator/components/com_securityimages/configinsert.php
administrator/components/com_securityimages/lang.php

Successful exploitation requires that "register_globals" is enabled.

The vulnerabilities have been confirmed in version 3.0.5. Other
version may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

Set "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY:
Drago84

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2083

SECUNIA ADVISORY ID:
SA21288

VERIFY ADVISORY:
http://secunia.com/advisories/21288/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
Colophon 1.x (component for Joomla)
http://secunia.com/product/11188/

DESCRIPTION:
Drago84 has discovered a vulnerability in the Colophon component for
Joomla, which can be exploited by malicious people to compromise a
vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter in
administrator/components/com_colophon/admin.colophon.php is not
properly verified before being used to include files. This can be
exploited to execute arbitrary PHP code by including files from local
or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been confirmed in version 1.1 and reported in
version 1.2. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

Set "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY:
Drago84

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2085