WordPress Nmedia Users File Uploader Plugin Multiple Vulnerabilities

April 30th, 2012

Application: WordPress
Affected Version: versions prior to 1.8.
Vendor’s URL: Nmedia Users File Uploader Plugin
Bug Type: arbitrary file upload
Risk Level: Critical

Solution:
Update to version 1.8.

Content Management, File Inclusion

WordPress WP Marketplace Plugin File Enumeration Weakness and File Upload Vulnerability

April 30th, 2012

Application: WordPress
Affected Version: version 1.2.1 and prior versions.
Vendor’s URL: WP Marketplace Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.2.2.

Content Management, File Inclusion

Gajim SQL and Command Injection Vulnerabilities

April 30th, 2012

Application: Gajim
Affected Version: versions prior to 0.15.
Vendor’s URL: Gajim
Bug Type: SQL and Command Injection
Risk Level: Critical

Solution:
Update to version 0.15.

Remote Command Execution, SQL Injection

OpenCart Two Vulnerabilities

April 30th, 2012

Application: OpenCart
Affected Version: version 1.5.2.1 and other versions.
Vendor’s URL: OpenCart
Bug Type: arbitrary code execution
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified. Restrict access to the download folder (e.g. via .htaccess).

E-Commerce, Remote Command Execution

vBulletin Two Script Insertion

April 30th, 2012

Application: vBulletin
Affected Version: versions 4.1.4 through 4.1.11.
Vendor’s URL: vBulletin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Install the patch; please consult the developers.

Cross Site Scripting, Discussion Boards

e-ticketing “user_name” and “password” SQL Injection

April 30th, 2012

Application: e-ticketing
Affected Version: version downloaded on 2012-04-05; other versions are not affected.
Vendor’s URL: e-ticketing
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Customer Relationship, SQL Injection

WordPress Another WordPress Classifieds Plugin Unspecified Image Upload Vulnerability

April 30th, 2012

Application: WordPress
Affected Version: versions prior to 2.0.
Vendor’s URL: Another WordPress Classifieds Plugin
Bug Type: -
Risk Level: Critical

Solution:
Upgrade to version 2.0.

Content Management

Drupal Ubercart Module Script Insertion and Code Injection Vulnerabilities

April 30th, 2012

Application: Drupal
Affected Version: Ubercart module versions 6.x-2.x prior to 6.x-2.8 and versions 7.x-3.x prior to 7.x-3.1.
Vendor’s URL: Ubercart Module
Bug Type: Cross Site Scripting and code injection
Risk Level: Critical

Solution:
Update to version 6.x-2.8 or 7.x-3.1.

Content Management, Cross Site Scripting, Remote Command Execution

Drupal Linkit Module Information Disclosure Security Issue

April 30th, 2012

Application: Drupal
Affected Version: versions prior to 7.x-2.2.
Vendor’s URL: Linkit Module
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Update to version 7.x-2.3.

Content Management, Information Disclosure

Joomla! NinjaXplorer Component Unspecified Vulnerability

April 30th, 2012

Application: Joomla!
Affected Version: versions prior to 1.0.7.
Vendor’s URL: NinjaXplorer Component
Bug Type: -
Risk Level: Critical

Solution:
Update to version 1.0.7.

Content Management

Joomla! ccNewsletter Component “id” SQL Injection

April 30th, 2012

Application: Joomla!
Affected Version: version 1.0.9 and prior versions.
Vendor’s URL: ccNewsletter Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.0.10 or later.

Content Management, SQL Injection

WordPress Zingiri Web Shop Plugin Multiple Unspecified Vulnerabilities

April 30th, 2012

Application: WordPress
Affected Version: versions prior to 2.4.0.
Vendor’s URL: Zingiri Web Shop Plugin
Bug Type: -
Risk Level: Critical

Solution:
Update to version 2.4.0.

Content Management

OneFileCMS User Redirection Security Bypass Security Issue

March 30th, 2012

Application: OneFileCMS
Affected Version: version 1.1.4 and prior versions.
Vendor’s URL: OneFileCMS
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 1.1.5.

Access Bypass, Content Management

OSClass combine.php File Manipulation Vulnerability

March 30th, 2012

Application: OSClass
Affected Version: version 2.3.5 and prior versions.
Vendor’s URL: OSClass
Bug Type: Manipulation of data
Risk Level: Critical

Solution:
Update to version 2.3.6.

Uncategorized

Joomla! Cross-Site Scripting and SQL Injection Vulnerabilities

March 30th, 2012

Application: Joomla!
Affected Version: versions 2.5.0, 2.5.1 and prior versions.
Vendor’s URL: Joomla!
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 2.5.2.

Content Management, Cross Site Scripting, SQL Injection

WordPress Formidable Pro Plugin Unspecified Vulnerabilities

March 30th, 2012

Application: WordPress
Affected Version: versions prior to 1.6.3.
Vendor’s URL: Formidable Pro Plugin
Bug Type: -
Risk Level: Critical

Solution:
Update to version 1.6.3.

Content Management

WordPress Video Embed & Thumbnail Generator Plugin Code Execution Vulnerabilities

March 30th, 2012

Application: WordPress
Affected Version: version 1.1 and other versions.
Vendor’s URL: Video Embed & Thumbnail Generator Plugin
Bug Type: Code Execution
Risk Level: Critical

Solution:
Upgrade to version 2.0.

Content Management, Remote Command Execution

Joomla! Two Security Bypass Vulnerabilities

March 30th, 2012

Application: Joomla!
Affected Version: versions 2.5.0 through 2.5.2.
Vendor’s URL: Joomla!
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 2.5.3.

Access Bypass, Content Management

Drupal CKEditor / FCKeditor Modules Cross Site Scripting and Code Execution Vulnerabilities

March 30th, 2012

Application: Drupal
Affected Version:
* FCKeditor module versions 6.x-2.x prior to 6.x-2.3.
* CKEditor module versions 6.x-1.x prior to 6.x-1.9.
* CKEditor module versions 7.x-1.x prior to 7.x-1.7.
Vendor’s URL: CKEditor / FCKeditor Modules
Bug Type: Cross Site Scripting and Code Execution
Risk Level: Critical

Solution:
Update to a fixed version.

Content Management, Cross Site Scripting, Remote Command Execution

Drupal Slidebox Module Security Bypass Vulnerability

March 30th, 2012

Application: Drupal
Affected Version: versions 7.x-1.0 through 7.x-1.3.
Vendor’s URL: Slidebox Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 7.x-1.4.

Access Bypass, Content Management