DESCRIPTION:
A vulnerability has been discovered in the VirtueMart component for
Joomla!, which can be exploited by malicious users to conduct SQL
injection attacks.
Input passed via the "virtuemart_userinfo_id" POST parameter to
index.php/virtue-mart-edit-address (when "option" is set to
"com_virtuemart") is not properly sanitised before being used in a
SQL query. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.
The vulnerability has been confirmed in version 2.0.2. Other versions
may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
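As an added illustration of that fix (not VirtueMart's own code, and not part of the original advisory): the "virtuemart_userinfo_id" value is accepted only if it is a positive integer and is then passed to the query as a bound parameter. The table layout, sample rows and the load_address() helper are assumptions made for the example, which uses an in-memory SQLite database so it runs stand-alone.

```php
<?php
// Constructed schema and rows; these table and column names are assumptions,
// not VirtueMart's real schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userinfos (virtuemart_userinfo_id INTEGER PRIMARY KEY, address TEXT)');
$db->exec("INSERT INTO userinfos VALUES (1, '1 Example St'), (2, '2 Sample Ave')");

/**
 * Hypothetical helper: look up one address row by the id taken from the request.
 * Returns null when the id is not a positive integer or no row matches.
 */
function load_address(PDO $db, $rawId): ?array
{
    // Strict validation: arrays, empty strings and anything with trailing
    // SQL text fail here and never reach the database layer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject the request instead of trying to "clean" the value
    }

    // The id travels as a typed bound parameter, never as part of the SQL text.
    $stmt = $db->prepare(
        'SELECT virtuemart_userinfo_id, address FROM userinfos WHERE virtuemart_userinfo_id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values: one valid id, then malformed ones that must be rejected.
$samples = ['2', '999', '2 OR 1=1', "2' --", '', ['2']];
foreach ($samples as $raw) {
    printf("%-12s => %s\n", json_encode($raw), json_encode(load_address($db, $raw)));
}
```

Inside Joomla 2.5 itself, reading the value with JRequest::getInt() reduces it to an integer before it reaches the query, which achieves the same separation of data from SQL text.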
PROVIDED AND/OR DISCOVERED BY:
renangbarreto
ORIGINAL ADVISORY:
http://forum.virtuemart.net/index.php?topic=99999.0
DESCRIPTION:
A security issue and a vulnerability have been reported in Joomla!,
which can be exploited by malicious people to disclose potentially
sensitive information and conduct cross-site scripting attacks.
1) An error related to insufficient permission checking can be
exploited to disclose certain information from the administration
backend.
2) Certain input passed via the update manager is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
the context of an affected site.
The security issue and vulnerability are reported in versions prior
to 2.5.4.
SOLUTION:
Update to version 2.5.4.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Cyrille Barthelemy.
2) Alex Andreae.
ORIGINAL ADVISORY:
http://www.joomla.org/announcements/release-news/5418-joomla-254-released.html
http://developer.joomla.org/security/news/399-20120308-core-xss-vulnerability
http://developer.joomla.org/security/news/9-security/10-core-security/397-20120306-core-information-disclosure
DESCRIPTION:
A security issue and a vulnerability have been reported in Joomla!,
which can be exploited by malicious people to bypass certain security
restrictions.
1) Input passed via the "jform[groups]" parameter to index.php when
registering a new user is not properly verified before storing in the
session variable. This can be exploited to register a new user with
administrator privileges.
2) The password generation algorithm generates predictable passwords,
which can be exploited to guess a generated password when, e.g., a
password reset for a user is triggered.
The security issue and vulnerability are reported in versions 2.5.0
through 2.5.2.
SOLUTION:
Update to version 2.5.3.
PROVIDED AND/OR DISCOVERED BY:
1) Jeff Channel.
2) The vendor credits George Argyros and Aggelos Kiayias.
ORIGINAL ADVISORY:
http://www.joomla.org/announcements/release-news/5416-joomla-253-released.html
http://jeffchannell.com/Joomla/joomla-161725-privilege-escalation-vulnerability.html