SECUNIA ADVISORY ID:
SA32520

VERIFY ADVISORY:
http://secunia.com/advisories/32520/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
Flash Tree Gallery 1.x (component for Joomla!)
http://secunia.com/advisories/product/20313/

DESCRIPTION:
NoGe has reported a vulnerability in the Flash Tree Gallery component
for Joomla!, which can be exploited by malicious people to compromise
a vulnerable system.

Input passed to the "mosConfig_live_site" parameter in
administrator/components/com_treeg/admin.treeg.php is not properly
verified before being used to include files. This can be exploited to
include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is reported in version 1.0. Other versions may also
be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
NoGe

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6928

SECUNIA ADVISORY ID:
SA32367

VERIFY ADVISORY:
http://secunia.com/advisories/32367/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, Exposure of sensitive information

WHERE:
>From remote

SOFTWARE:
RWCards 3.x (component for Joomla)
http://secunia.com/advisories/product/20228/

DESCRIPTION:
Vrs-hCk has discovered a vulnerability in the RWCards component for
Joomla!, which can be exploited by malicious people to disclose
sensitive information.

Input passed to the "img" parameter in captcha/captcha_image.php is
not properly sanitised before being used. This can be exploited to
display arbitrary files via directory traversal attacks and
URL-encoded NULL bytes.

Successful exploitation requires that "magic_quotes_gpc" is
disabled.

The vulnerability is confirmed in version 3.0.11. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Vrs-hCk

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6817

SECUNIA ADVISORY ID:
SA32381

VERIFY ADVISORY:
http://secunia.com/advisories/32381/

CRITICAL:
Less critical

IMPACT:
Exposure of system information

WHERE:
>From remote

SOFTWARE:
Archaic Binary 1.x (component for Joomla)
http://secunia.com/advisories/product/20238/

DESCRIPTION:
H!tm@N has discovered a vulnerability in the Archaic Binary component
for Joomla, which can be exploited by malicious people to disclose
system information.

Input passed to the "gallery" parameter in index.php (when "option"
is set to "com_ab_gallery") is not properly sanitised before being
used. This can be exploited to display the contents of directories
via directory traversal attacks.

This vulnerability is confirmed in version 1.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
H!tm@N

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6826

SECUNIA ADVISORY ID:
SA32365

VERIFY ADVISORY:
http://secunia.com/advisories/32365/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
>From remote

SOFTWARE:
KBase 1.x (component for Joomla)
http://secunia.com/advisories/product/20234/

DESCRIPTION:
H!tm@N has discovered a vulnerability in the KBase component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed to the "id" parameter in the Joomla! installation's
index.php script (when "option" is set to "com_kbase" and "view" to
"article") is not properly sanitised before being used in SQL
queries. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

The vulnerability is confirmed in version 1.2. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
H!tm@N

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6827

SECUNIA ADVISORY ID:
SA32377

VERIFY ADVISORY:
http://secunia.com/advisories/32377/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, Exposure of sensitive information

WHERE:
>From remote

SOFTWARE:
ionFiles 4.x (component for Joomla)
http://secunia.com/advisories/product/20215/

DESCRIPTION:
Vrs-hCk has discovered a vulnerability in the ionFiles component for
Joomla!, which can be exploited by malicious people to disclose
sensitive information.

Input passed to the "file" parameter in download.php (when "download"
is set to "1") is not properly sanitised before being used. This can
be exploited to download arbitrary files via directory traversal
attacks.

The vulnerability is confirmed in version 4.4.2. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Vrs-hCk

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6809

SECUNIA ADVISORY ID:
SA32321

VERIFY ADVISORY:
http://secunia.com/advisories/32321/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
>From remote

SOFTWARE:
DS-Syndicate 1.x (component for Joomla)
http://secunia.com/advisories/product/20188/

DESCRIPTION:
boom3rang has discovered a vulnerability in the DS-Syndicate
component for Joomla!, which can be exploited by malicious people to
conduct SQL injection attacks.

Input passed to the "feed_id" parameter in the Joomla! installation's
index.php script (when "option" is set to "ds-syndicate" and "version"
to "1") is not properly sanitised before being used in SQL queries.
This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

The vulnerability is confirmed in version 1.1.1. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
boom3rang

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6792