Joomla! Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA31789

VERIFY ADVISORY:
http://secunia.com/advisories/31789/

CRITICAL:
Moderately critical

IMPACT:
Unknown, Brute force

WHERE:
From remote

SOFTWARE:
Joomla! 1.x
http://secunia.com/advisories/product/5788/

DESCRIPTION:
Some vulnerabilities and a security issue have been reported in
Joomla!, where some have an unknown impact and others can potentially
be exploited by malicious people to conduct brute force attacks.

1) A security issue is caused by an error when generating random
numbers and can potentially be exploited to guess a generated token
or password.

2) An input validation error exists within JRequest, which can be
exploited to inject certain characters into returned data.

3) An input validation error exists within the "mailto" component
before sending mails.

The vulnerabilities and security issue are reported in versions prior
to version 1.5.7.

SOLUTION:
Update to version 1.5.7.

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Stefan Esser.
2) The vendor credits Andrew Eddie.
3) The vendor credits Phil Taylor.

ORIGINAL ADVISORY:
http://www.joomla.org/announcements/release-news/5212-joomla-157-security-release-now-available.html
