Exabytes Security Portal

Joomla! Projectfork Component “search” and “order” SQL Injection

November 29th, 2013

Application: Joomla!
Affected Version: versions prior to 3.0.11.
Vendor’s URL: Projectfork Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 3.0.11.

Content Management, SQL Injection

WordPress FunCaptcha Plugin Two Cross-Site Scripting

November 29th, 2013

Application: WordPress
Affected Version: version 0.4.3 and prior version
Vendor’s URL: FunCaptcha Plugin
Bug Type: Cross-Site Scripting
Risk Level: Medium

Solution:
Update to version 0.4.4.

Content Management, Cross Site Scripting

Drupal EU Cookie Compliance Module Unspecified Script Insertion

November 29th, 2013

Application: Drupal
Affected Version: versions prior to 7.x-1.12.
Vendor’s URL: EU Cookie Compliance Module
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 7.x-1.12.

Content Management, Cross Site Scripting

WHMCS “unserialize()” PHP Code Execution and Multiple Unspecified Vulnerabilities

November 29th, 2013

Application: WHMCS
Affected Version: versions prior to 5.1.14 and 5.2.13.
Vendor’s URL: WHMCS
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to version 5.1.14 and 5.2.13.

Access Bypass

WordPress Tweet Blender Plugin “tb_tab_index” Cross-Site Scripting

November 29th, 2013

Application: WordPress
Affected Version: versions prior to 4.0.2.
Vendor’s URL: Tweet Blender Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Update to version 4.0.2.

Content Management, Cross Site Scripting

WordPress This Way Theme Arbitrary File Upload

November 29th, 2013

Application: WordPress
Affected Version: -
Vendor’s URL: This Way Theme
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

Joomla! Multiple Cross-Site Scripting Vulnerabilities

November 29th, 2013

Application: Joomla!
Affected Version: versions prior to 2.5.15, 3.1.6, and 3.2.
Vendor’s URL: Joomla!
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 2.5.15, 3.1.6, or 3.2.

Content Management, Cross Site Scripting

WordPress Gallery Bank Plugin Unspecified Vulnerabilities

October 31st, 2013

Application: WordPress
Affected Version: versions prior to 2.20.
Vendor’s URL: Gallery Bank Plugin
Bug Type:
Risk Level: Critical

Solution:
Update to version 2.20.

Content Management

Simple Machines Forum Multiple Vulnerabilities

October 31st, 2013

Application: Simple Machines Forum
Affected Version: versions prior to 2.0.6 and 1.1.19.
Vendor’s URL: Simple Machines Forum
Bug Type: System access
Risk Level: Critical

Solution:
Update to version 2.0.6 or 1.1.19.

Access Bypass, Discussion Boards

WordPress Quick Paypal Payments Plugin Two Script Insertion

October 31st, 2013

Application: WordPress
Affected Version: version 3.0 and other versions.
Vendor’s URL: Quick Paypal Payments Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Uncategorized

Drupal Simplenews Module Email Subscription API Script Insertion

October 31st, 2013

Application: Drupal
Affected Version: versions prior to 6.x-1.5 and prior to 7.x-1.1.
Vendor’s URL: Simplenews Module
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 6.x-1.5 or 7.x-1.1.

Content Management, Cross Site Scripting

Bilboplanet Cross-Site Scripting and SQL Injection

October 31st, 2013

Application: Bilboplanet
Affected Version: version 2.0 and other versions.
Vendor’s URL: Bilboplanet
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting, SQL Injection

osCommerce “products_id” Script Insertion

October 31st, 2013

Application: osCommerce
Affected Version: version 2.3.3 and prior versions.
Vendor’s URL: osCommerce
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 2.3.3.1.

Cross Site Scripting, E-Commerce

WordPress Landing Pages Plugin “post” SQL Injection

October 31st, 2013

Application: WordPress
Affected Version: version 1.2.3 and prior versions.
Vendor’s URL: Landing Pages Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.2.3 (10/09/13).

Content Management, SQL Injection

WordPress Quick Contact Form Plugin Two Script Insertion

October 31st, 2013

Application: WordPress
Affected Version: version 6.0 and prior versions.
Vendor’s URL: Quick Contact Form Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 6.1.

Uncategorized

WordPress SEO Watcher Plugin Open Flash Chart Arbitrary File Creation

October 31st, 2013

Application: WordPress
Affected Version: version 1.4 and other versions.
Vendor’s URL: SEO Watcher Plugin
Bug Type: File Creation
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management

WordPress WP-SlimStat-Ex Plugin Open Flash Chart Arbitrary File Creation

October 31st, 2013

Application: WordPress
Affected Version: version 2.1.2
Vendor’s URL: WP-SlimStat-Ex Plugin
Bug Type: System Access
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management

glFusion “cat_id” SQL Injection

September 30th, 2013

Application: glFusion
Affected Version: version 1.3.0 and prior versions.
Vendor’s URL: glFusion
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.3.1.

Content Management, SQL Injection

WordPress Design Approval System Plugin “step” Cross-Site Scripting

September 30th, 2013

Application: WordPress
Affected Version: versions prior to 3.7
Vendor’s URL: Design Approval System Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Update to version 3.7.

Content Management, Cross Site Scripting

MediaWiki CentralAuth Extension Authentication Bypass

September 30th, 2013

Application: MediaWiki
Affected Version: versions prior to 11.38.2.6 and 11.39.0.15.
Vendor’s URL: CentralAuth Extension
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to a fixed version.

Access Bypass, Content Management

Joomla! Projectfork Component “search” and “order” SQL Injection

WordPress FunCaptcha Plugin Two Cross-Site Scripting

Drupal EU Cookie Compliance Module Unspecified Script Insertion

WHMCS “unserialize()” PHP Code Execution and Multiple Unspecified Vulnerabilities

WordPress Tweet Blender Plugin “tb_tab_index” Cross-Site Scripting

WordPress This Way Theme Arbitrary File Upload

Joomla! Multiple Cross-Site Scripting Vulnerabilities

WordPress Gallery Bank Plugin Unspecified Vulnerabilities

Simple Machines Forum Multiple Vulnerabilities

WordPress Quick Paypal Payments Plugin Two Script Insertion

Drupal Simplenews Module Email Subscription API Script Insertion

Bilboplanet Cross-Site Scripting and SQL Injection

osCommerce “products_id” Script Insertion

WordPress Landing Pages Plugin “post” SQL Injection

WordPress Quick Contact Form Plugin Two Script Insertion

WordPress SEO Watcher Plugin Open Flash Chart Arbitrary File Creation

WordPress WP-SlimStat-Ex Plugin Open Flash Chart Arbitrary File Creation

glFusion “cat_id” SQL Injection

WordPress Design Approval System Plugin “step” Cross-Site Scripting

MediaWiki CentralAuth Extension Authentication Bypass

Categories

Archives