Joomla! News

Joomla! Section Manager Script Insertion

SECUNIA ADVISORY ID:
SA25804

VERIFY ADVISORY:
http://secunia.com/advisories/25804/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
Joomla! 1.x
http://secunia.com/product/5788/

DESCRIPTION:
Cindy Chee has discovered a vulnerability in Joomla!, which can be
exploited by malicious people to conduct cross-site scripting
attacks.

Input passed to the "Title" and "Section Name" form fields when
creating new sections in Section Manager is not properly sanitised
before being stored. This can be exploited to insert arbitrary HTML
and script code, which is executed in a user's browser session in the
context of an affected site when the stored data is viewed.

Successful exploitation requires that the target user has valid
administrator credentials.

The vulnerability is confirmed in version 1.0.12. Other versions may
also be affected.

SOLUTION:
Do not browse untrusted sites when logged in as administrator.

PROVIDED AND/OR DISCOVERED BY:
Cindy Chee

ORIGINAL ADVISORY:
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=5654

VirtueMart Unspecified SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA25698

VERIFY ADVISORY:
http://secunia.com/advisories/25698/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
VirtueMart 1.x
http://secunia.com/product/11832/

DESCRIPTION:
A vulnerability has been reported in VirtueMart, which can be
exploited by malicious people to conduct SQL injection attacks.

Input passed to unspecified parameters is not properly sanitised
before being used in SQL queries. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in versions prior to 1.0.11.

SOLUTION:
Update to version 1.0.11.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://virtuemart.net/index.php?option=com_content&task=view&id=250&Itemid=57
http://sourceforge.net/project/shownotes.php?release_id=516206

Joomla Component D4J eZine "article" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA24675

VERIFY ADVISORY:
http://secunia.com/advisories/24675/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
D4J eZine (Component for Joomla) 2.x
http://secunia.com/product/13798/

DESCRIPTION:
ajann has reported a vulnerability in D4J eZine, which can be
exploited by malicious people to conduct SQL injection attacks.

Input passed to the "article" parameter to the com_ezine component is
not properly sanitised before being used in SQL queries. This can be
exploited by malicious people to manipulate SQL queries by injecting
arbitrary SQL code.

The vulnerability is reported in version 2.8. Other versions may also
be affected.

SOLUTION:
Filter malicious input (e.g. using mod_security).

PROVIDED AND/OR DISCOVERED BY:
ajann

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/3590

VirtueMart Multiple Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA24399

VERIFY ADVISORY:
http://secunia.com/advisories/24399/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
VirtueMart 1.x
http://secunia.com/product/11832/

DESCRIPTION:
Some vulnerabilities have been reported in VirtueMart, which can be
exploited by malicious people to conduct cross-site scripting
attacks.

Input passed to unspecified parameters within ps_cart.php and
virtuemart_parser.php is not properly sanitised before being returned
to the user. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in the context of an affected
site.

The vulnerabilities are reported in versions prior to 1.0.10.

SOLUTION:
Update to version 1.0.10.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sourceforge.net/project/shownotes.php?release_id=490831

VirtueMart Unspecified SQL Injection and Cross-Site Scripting

SECUNIA ADVISORY ID:
SA24058

VERIFY ADVISORY:
http://secunia.com/advisories/24058/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, Manipulation of data

WHERE:
From remote

SOFTWARE:
VirtueMart 1.x
http://secunia.com/product/11832/

DESCRIPTION:
Omid has reported some vulnerabilities in VirtueMart, which can be
exploited by malicious people to conduct SQL injection attacks and
cross-site scripting attacks.

1) Input passed to unspecified parameters is not properly sanitised
before being used in SQL queries. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.

2) Input passed to unspecified parameters is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in the
context of an affected site.

The vulnerabilities are reported in version 1.0.7. Prior versions may
also be affected.

SOLUTION:
Update to version 1.0.8.

PROVIDED AND/OR DISCOVERED BY:
Omid

ORIGINAL ADVISORY:
http://sourceforge.net/forum/forum.php?forum_id=647996

Joomla! Cross-Site Scripting and Unspecified Vulnerabilities

SECUNIA ADVISORY ID:
SA23563

VERIFY ADVISORY:
http://secunia.com/advisories/23563/

CRITICAL:
Less critical

IMPACT:
Unknown, Cross Site Scripting

WHERE:
From remote

SOFTWARE:
Joomla! 1.x
http://secunia.com/product/5788/

DESCRIPTION:
Some vulnerabilities have been reported in Joomla!, where some have
unknown impacts and one can be exploited by malicious people to
conduct cross-site scripting attacks.

1) Input passed to an unspecified parameter is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in the
context of an affected site.

2) The vulnerabilities are caused due to unspecified errors in
Joomla!. The vendor describes them as "several low level security
issues". No further information is currently available.

The vulnerabilities are reported in version 1.0.11. Prior versions
may also be affected.

SOLUTION:
Update to version 1.0.12.

PROVIDED AND/OR DISCOVERED BY:
1) Fukumori
2) Reported by the vendor.

ORIGINAL ADVISORY:
1) http://jvn.jp/jp/JVN%2345006961/index.html
2) http://www.joomla.org/content/view/2446/1/
