@RISK: The Consensus Security Vulnerability Alert Vol. 9 No. 3
Total number of alerts: 25
______________________________________________________________________
10.3.101 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! Jobads "type" Parameter SQL Injection
Description: Jobads application is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "type" parameter of the "com_jobads" component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37686
______________________________________________________________________
10.3.102 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_aprice" Component "analog" Parameter SQL Injection
Description: The "com_aprice" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "analog" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37575
______________________________________________________________________
10.3.103 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_avosbillets" Component "id" Parameter SQL Injection
Description: The "com_avosbillets" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37576
______________________________________________________________________
10.3.104 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! Module for Alfresco "id_pan" Parameter SQL Injection
Description: Joomla! Module for Alfresco ("com_alfresco") is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_pan" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37578
______________________________________________________________________
10.3.105 CVE: Not Available
Platform: Web Application - SQL Injection
Title: joomlabamboo JB Simpla Joomla! Template "id" Parameter SQL Injection
Description: JB Simpla is a PHP-based template for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of "com_content" before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37579
______________________________________________________________________
10.3.106 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! BF Survey Pro "catid" Parameter SQL Injection
Description: The BF Survey Pro application is a survey component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37584
______________________________________________________________________
10.3.107 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_tpjobs" Component "id_c[]" Parameter SQL Injection
Description: The "com_tpjobs" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_c[]" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37591
______________________________________________________________________
10.3.108 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_otzivi" Component "Itemid" Parameter SQL Injection
Description: The "com_otzivi" application is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Itemid" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37595
______________________________________________________________________
10.3.110 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Shape5 Bridge of Hope Template for Joomla! "id" Parameter SQL Injection
Description: Bridge of Hope is a PHP-based template for the Joomla! content manager. The template is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "bridgeofhope/index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37602
______________________________________________________________________
10.3.111 CVE: Not Available
Platform: Web Application - SQL Injection
Title: "com_doqment" Joomla! Component "cid" Parameter SQL Injection
Description: The "com_doqment" application is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "com_doqment" component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37606
______________________________________________________________________
10.3.113 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! J-Projects Component "project" Parameter SQL Injection
Description: The J-Projects application is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "project" parameter of the "com_j-projects" component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37608
______________________________________________________________________
10.3.118 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! jEmbed Component "catid" Parameter SQL Injection
Description: jEmbed is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "com_jembed" component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37627
______________________________________________________________________
10.3.124 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_perchagallery" Component "id" Parameter SQL Injection
Description: The "com_perchagallery" application is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter when the "view" parameter is set to "editunidad" before using the data in an SQL query.
Ref: http://www.securityfocus.com/bid/37642
______________________________________________________________________
10.3.125 CVE: Not Available
Platform: Web Application - SQL Injection
Title: "com_kk" Joomla! Component "kat" Parameter SQL Injection
Description: The "com_kk" application is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "kat" parameter of the "com_kk" component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37645
______________________________________________________________________
10.3.126 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! DM Orders Component "id" Parameter SQL Injection
Description: The DM Orders application is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_dm_orders" component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37655
______________________________________________________________________
10.3.127 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! Document Seller for Docman "id" Parameter SQL Injection
Description: Document Seller for Docman is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter when the "task" parameter is set to "order_form" and the "payment_method" parameter is set to "Paypal". Document Seller for Docman version 2.1 is affected.
Ref: http://www.securityfocus.com/bid/37660
______________________________________________________________________
10.3.129 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Live Chat Joomla! Component "last" Parameter SQL Injection
Description: Live Chat is a PHP-based component for the Joomla! content manager. Live Chat is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "last" parameter of the "com_livechat" component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37681
______________________________________________________________________
10.3.136 CVE: Not Available
Platform: Web Application
Title: CARTwebERP Joomla! Component "controller" Parameter Local File Include
Description: The CARTwebERP application is a component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter.
Ref: http://www.securityfocus.com/bid/37581
______________________________________________________________________
10.3.137 CVE: Not Available
Platform: Web Application
Title: Bible Study Joomla! Component "controller" Parameter Local File Include
Description: The Bible Study ("com_biblestudy") application is a component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_biblestudy". Bible Study version 6.1 is affected.
Ref: http://www.securityfocus.com/bid/37583
______________________________________________________________________
10.3.138 CVE: Not Available
Platform: Web Application
Title: BF Survey Pro Joomla! Component "controller" Parameter Local File Include
Description: The BF Survey Pro application is a survey component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter.
Ref: http://www.securityfocus.com/bid/37584
______________________________________________________________________
10.3.140 CVE: Not Available
Platform: Web Application
Title: Dailymeals Joomla! Component "controller" Parameter Local File Include
Description: The Dailymeals application is a component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of the "com_dailymeals" component.
Ref: http://www.securityfocus.com/bid/37596
______________________________________________________________________
10.3.142 CVE: Not Available
Platform: Web Application
Title: Joomla! "com_cartikads" Component Arbitrary File Upload
Description: The "com_cartikads" application is a PHP-based component for the Joomla! content manager. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize file extensions before uploading the file to the web server through the "uploadimage.php" script.
Ref: http://www.securityfocus.com/bid/37604
______________________________________________________________________
10.3.158 CVE: Not Available
Platform: Web Application
Title: Joomla! "com_dashboard" Component Directory Traversal
Description: The "com_dashboard" component is a PHP-based application for the Joomla! content manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "controller" parameter of the "com_dashboard" component.
Ref: http://www.securityfocus.com/bid/37689
______________________________________________________________________
10.3.159 CVE: Not Available
Platform: Web Application
Title: Joomla! "com_jcollection" Component Directory Traversal
Description: The "com_jcollection" component is a PHP-based application for the Joomla! content manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "controller" parameter of the "com_jcollection" component.
Ref: http://www.securityfocus.com/bid/37691
______________________________________________________________________
10.3.160 CVE: Not Available
Platform: Web Application
Title: Joomla! "com_jashowcase" Component Directory Traversal
Description: The "com_jashowcase" component is a PHP-based application for the Joomla! content manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "controller" parameter of the "com_jashowcase" component.
Ref: http://www.securityfocus.com/bid/37692
______________________________________________________________________
10.3.162 CVE: Not Available
Platform: Web Application
Title: Joomla! "com_jvideodirect" Component Directory Traversal
Description: The "com_jvideodirect" component is a PHP-based application for the Joomla! content manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "controller" parameter of the "com_jvideodirect" component.
Ref: http://www.securityfocus.com/bid/37694
______________________________________________________________________
To subscribe to the @Risk Newsletter go to SANS Computer Security Newsletters and Digests.