Joomla! Multiple Vulnerabilities

Posted on Wednesday, September 10, 2008 @ 15:38:53 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA31789

VERIFY ADVISORY: http://secunia.com/advisories/31789/

CRITICAL: Moderately critical

IMPACT: Unknown, Brute force

SOFTWARE: Joomla! 1.x - http://secunia.com/advisories/product/5788/

DESCRIPTION: Some vulnerabilities and a security issue have been reported in Joomla!, where some have an unknown impact and others can potentially be exploited by malicious people to conduct brute force attacks. The vulnerabilities and security issue are reported in versions prior to version 1.5.7.

1) A security issue is caused by an error in random number generation, which can potentially be exploited to guess a generated token or password.
2) An input validation error exists within JRequest, which can be exploited to inject certain characters into returned data.
3) An input validation error exists within the "mailto" component before sending mails.

SOLUTION: Update to version 1.5.7.

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Stefan Esser.
2) The vendor credits Andrew Eddie.
3) The vendor credits Phil Taylor.

ORIGINAL ADVISORY: http://www.joomla.org/announcements/release-news/5212-joomla-157-security-release-now-available.html