SECUNIA ADVISORY ID:
SA49613

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49613/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49613

RELEASE DATE:
2012-06-18
DESCRIPTION:
Sammy Forgit has discovered a vulnerability in the Maian Media
component for Joomla!, which can be exploited by malicious people to
compromise a vulnerable system.

The vulnerability is caused due to the
administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php
script allowing the upload of files with arbitrary extensions to a
folder inside the webroot. This can be exploited to execute arbitrary
PHP code by uploading a malicious PHP script.

The vulnerability is confirmed in version 1.5.8.4. Other versions may
also be affected.

SOLUTION:
Restrict access to the
administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php
script (e.g. via .htaccess).

PROVIDED AND/OR DISCOVERED BY:
Sammy Forgit, OpenSysCom.

ORIGINAL ADVISORY:
http://www.opensyscom.fr/Actualites/joomla-components-maian-media-arbitrary-file-upload-vulnerability.html
 

ทีม Joomla! Project ได้ปล่อย Joomla 2.5.5 ออกมาให้ได้ใช้งานเป็นการเร่งด่วน ซึ่งมีการแก้ไขเกี่ยวกับเรื่องความปลอดภัยจากเวอร์ชันที่ถูกปล่อยออกมาก่อนหน้านี้ เป้าหมายที่ยิ่งใหญ่ของทีมผ่ายผลิต คือการให้ความช่วยเหลือต่อไปอย่างสม่ำเสมอ เพื่อชุมชน Joomla. ท่านสามารถเรียนรู้เพิ่มเติมเกี่ยวกับ Joomla! Developement ที่เว็บไซต์นักพัฒนา.

ขั้นตอนการปรับปรุงนั้นง่ายมาก และคำแนะนำที่สมบูรณ์มีอยู่ที่นี่ โปรดทราบว่าตอนนี้มีวิธีการที่ง่ายและดีกว่าการปรับปรุง FTPing ไฟล์

SECUNIA ADVISORY ID:
SA49535

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49535/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49535

RELEASE DATE:
2012-06-14
DESCRIPTION:
Sammy Forgit has reported a vulnerability in the Easy Flash Uploader
module for Joomla!, which can be exploited by malicious people to
compromise a vulnerable system.

The vulnerability is caused due to the
plugins/content/efup_files/helper.php script allowing the upload of
files with arbitrary extensions to a folder inside the webroot. This
can be exploited to execute arbitrary PHP code by uploading a
malicious PHP script.

The vulnerability is reported in version 2.0. Prior versions may also
be affected.

SOLUTION:
Update to version 2.1.

PROVIDED AND/OR DISCOVERED BY:
Sammy Forgit, OpenSysCom

ORIGINAL ADVISORY:
Easy Flash Uploader:
https://www.valorapps.com/12-notices/27-easy-flash-uploader-version-2-1-is-released.html
 

SECUNIA ADVISORY ID:
SA49531

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49531/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49531

RELEASE DATE:
2012-06-13
DESCRIPTION:
Sammy Forgit has discovered a vulnerability in the Art Uploader
module for Joomla!, which can be exploited by malicious people to
compromise a vulnerable system.

The vulnerability is caused due to the
modules/mod_artuploader/upload.php script allowing the upload of
files with arbitrary extensions to a folder inside the webroot. This
can be exploited to execute arbitrary PHP code by uploading a
malicious PHP script.

The vulnerability is confirmed in version 1.0.1. Other versions may
also be affected.

SOLUTION:
Restrict access to the modules/mod_artuploader/upload.php script
(e.g. via .htaccess).

PROVIDED AND/OR DISCOVERED BY:
Sammy Forgit, OpenSysCom.

ORIGINAL ADVISORY:
OpenSysCom:
http://www.opensyscom.fr/Actualites/joomla-modules-art-uploader-arbitrary-file-upload-vulnerability.html
 

SECUNIA ADVISORY ID:
SA46365

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46365/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46365

RELEASE DATE:
2012-05-21

DESCRIPTION:
Secunia Research has discovered two vulnerabilities in the JCE
component for Joomla!, which can be exploited by malicious users to
bypass certain security restrictions and by malicious people to
conduct cross-site scripting attacks.

1) Input passed to the "search" parameter in administrator/index.php
(when "option" is set to "com_jce" and "view" is set to "users") is
not properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

2) An error due to the
components/com_jce/editor/extensions/browser/file.php script not
properly verifying requests to rename files can be exploited to
rename e.g. core Joomla! configuration files, resulting in the
application becoming unavailable.

Successful exploitation of this vulnerability requires "Author"
privileges.

The vulnerabilities are confirmed in version 2.1.0. Other versions
may also be affected.

SOLUTION:
Update to version 2.1.3.

PROVIDED AND/OR DISCOVERED BY:
Jon Butler, Secunia.

ORIGINAL ADVISORY:
JCE:
http://www.joomlacontenteditor.net/news/item/jce-213-released?category_id=32
 

SECUNIA ADVISORY ID:
SA49206

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49206/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49206

RELEASE DATE:
2012-05-16
DESCRIPTION:
Secunia Research has discovered two vulnerabilities in the JCE
component for Joomla!, which can be exploited by malicious users to
compromise a vulnerable system and by malicious people to conduct
cross-site scripting attacks.

1) Input passed to the "search" parameter in administrator/index.php
(when "option" is set to "com_jce" and "view" is set to "profiles")
is not properly sanitised before being returned to the user. This can
be exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

2) An error due to the
components/com_jce/editor/extensions/browser/file.php script (when
"chunk" is set to a value greater than "0") not properly verifying
uploaded files can be exploited to execute arbitrary PHP code by
uploading a PHP file with e.g. a ".jpg.pht" file extension.

Successful exploitation of this vulnerability requires "Author"
privileges.

The vulnerabilities are confirmed in version 2.0.21. Prior versions
may also be affected.

SOLUTION:
Update to version 2.1.0.

PROVIDED AND/OR DISCOVERED BY:
Jon Butler, Secunia.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2012-14/
http://secunia.com/secunia_research/2012-15/

JCE:
http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32