SECUNIA ADVISORY ID:
SA40565

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40565/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40565

RELEASE DATE:
2010-07-14
DESCRIPTION:
A vulnerability has been reported in the SocialAds component for
Joomla, which can be exploited by malicious users to conduct script
insertion attacks.

Input passed via the "addata[][ad_body]" parameter to index.php (when
"option" is set to "com_socialads", "view" is set to "buildad", and
"Itemid" is set to a valid value) when creating an advertisement is
not properly sanitised before being used. This can be exploited to
insert arbitrary HTML and script code, which will be executed in a
user's browser session in context of an affected site when the
malicious data is being viewed.

The vulnerability is reported in versions prior to 1.0.1.

SOLUTION:
Update to version 1.0.1.

PROVIDED AND/OR DISCOVERED BY:
Sid3^effects
 

SECUNIA ADVISORY ID:
SA40559

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40559/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40559

RELEASE DATE:
2010-07-14
DESCRIPTION:
A vulnerability has been reported in the InstantPhp Jobs component
for Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "detailed_results" parameter to index.php (when
"option" is set to "com_jobs", "task" is set to "search_jobs", and
"search_word" is set to any value) is not properly sanitised before
being used in a SQL query. This can be exploited to manipulate SQL
queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.3.2. Other versions may
also be affected.

SOLUTION:
Update to version 1.3.3.

PROVIDED AND/OR DISCOVERED BY:
Sid3^effects
 

SECUNIA ADVISORY ID:
SA40538

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40538/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40538

RELEASE DATE:
2010-07-12
DESCRIPTION:
Multiple vulnerabilities have been discovered in the Rapid Recipe
component for Joomla, which can be exploited by malicious users to
conduct script insertion attacks.

Input passed via the "introtext", "ingredients", "steps", and
"recipecomment" parameters to index.php (when "option" is set to
"com_rapidrecipe" and "page" is set to "submitrecipe") when adding a
recipe is not properly sanitised before being used. This can be
exploited to insert arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when the malicious data is being viewed.

The vulnerabilities are confirmed in version 1.7.2. Other versions
may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Sid3^effects
 

SECUNIA ADVISORY ID:
SA40535

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40535/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40535

RELEASE DATE:
2010-07-12
DESCRIPTION:
A vulnerability has been discovered in the redSHOP component for
Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "pid" parameter to index.php (when "option" is
set to "com_redshop" and "view" is set to "product") is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.0 RC1. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
v3n0m
 

Joomla! ได้ประกาศเวอร์ชันใหม่ออกมาแล้ว คือ Joomla 1.6 เบต้า 5 (ดาวน์โหลดที่นี่) หมายเหตุ: รุ่นเบต้านี้ยังไม่สามารถทำงานได้กับส่วนเสริมอื่นๆ ไม่แนะนำให้ใช้ทำเว็บไซต์จริง ซึ่งออกมาเพื่อที่จะใช้สำหรับการทดลอง และประเมินผลเท่านั้น

ตั้งแต่ Joomla 1.6 beta 4 ถูกปล่อยออกมาเมื่อวันที่ 28 มิถุนายน ทางทีมได้ทำการแก้ไขไปแล้ว 65 ปัญหาจากที่ได้มีการรายงานเข้ามา ดังนั้นความก้าวหน้าในรุ่นนี้ จะเกี่ยวข้องกับการแก้ไขให้ทำงานได้ดียิ่งขึ้นจากความพยายามของทีม Joomla! Bug Squad ดังนั้นเราขอบคุณสำหรับการทำงานหนักของทีม ซึ่งทำให้การทำงานของระบบมั่นคงขึ้น!

คุณสามารถดูรายละเอียดของการเปลี่ยนแปลงในรุ่นนี้จากในไฟล์ CHANGELOG.php

ถัดจากนี้ไป จะมีอะไร?

SECUNIA ADVISORY ID:
SA40449

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40449/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40449

RELEASE DATE:
2010-07-07
DESCRIPTION:
A vulnerability has been discovered in the AutarTimonial component
for Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "limit" parameter to index.php (when "option" is
set to "com_autartimonial") is not properly sanitised before being
used in a SQL query. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.0.8. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Sid3^effects