SECUNIA ADVISORY ID:
SA39392

VERIFY ADVISORY:
http://secunia.com/advisories/39392/

DESCRIPTION:
A vulnerability has been discovered in the World Rates component for
Joomla!, which can be exploited by malicious people to disclose
sensitive information.

Input passed via the "controller" parameter to index.php (when
"option" is set to "com_worldrates") is not properly verified before
being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal
sequences and URL-encoded NULL bytes.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
AntiSecurity

SECUNIA ADVISORY ID:
SA39417

VERIFY ADVISORY:
http://secunia.com/advisories/39417/

DESCRIPTION:
A vulnerability has been discovered in the JoomMail component for
Joomla, which can be exploited by malicious people to disclose
potentially sensitive information.

Input passed to the "controller" parameter in index.php (when
"option" is set to "com_joommail") is not properly verified before
being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal attacks
and URL-encoded NULL bytes.

The vulnerability is confirmed in version 1.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
AntiSecurity

SECUNIA ADVISORY ID:
SA39416

VERIFY ADVISORY:
http://secunia.com/advisories/39416/

DESCRIPTION:
A vulnerability has been discovered in the Digital Diary component
for Joomla, which can be exploited by malicious people to disclose
potentially sensitive information.

Input passed to the "controller" parameter in index.php (when
"option" is set to "com_diary") is not properly verified before being
used to include files. This can be exploited to include arbitrary
files from local resources via directory traversal attacks and
URL-encoded NULL bytes.

The vulnerability is confirmed in version 1.5.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
AntiSecurity

SECUNIA ADVISORY ID:
SA39415

VERIFY ADVISORY:
http://secunia.com/advisories/39415/

DESCRIPTION:
A vulnerability has been discovered in the My Files component for
Joomla, which can be exploited by malicious people to disclose
potentially sensitive information.

Input passed to the "controller" parameter in index.php (when
"option" is set to "com_myfiles") is not properly verified before
being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal attacks
and URL-encoded NULL bytes.

The vulnerability is confirmed in version 1.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
AntiSecurity

SECUNIA ADVISORY ID:
SA39414

VERIFY ADVISORY:
http://secunia.com/advisories/39414/

DESCRIPTION:
A vulnerability has been discovered in the Online Exam component for
Joomla, which can be exploited by malicious people to disclose
potentially sensitive information.

Input passed to the "controller" parameter in index.php (when
"option" is set to "com_onlineexam") is not properly verified before
being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal attacks
and URL-encoded NULL bytes.

The vulnerability is confirmed in version 1.5.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
AntiSecurity

SECUNIA ADVISORY ID:
SA39385

VERIFY ADVISORY:
http://secunia.com/advisories/39385/

DESCRIPTION:
Some vulnerabilities have been reported in the SermonSpeaker
component for Joomla!, which can be exploited by malicious people to
conduct SQL injection attacks.

Input passed via the "id" parameter to index.php (when "option" is
set to "com_sermonspeaker" and "task" is set to e.g. "latest_sermons"
or "speakerpopup") is not properly sanitised before being used in SQL
queries. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

NOTE: Other parameters may also be affected.

The vulnerabilities are reported in versions prior to 3.2.1.

SOLUTION:
Update to version 3.2.1.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Samara Hart.

ORIGINAL ADVISORY:
http://joomlacode.org/gf/project/sermon_speaker/news/?action=NewsThreadView&id=2549