Exabytes Security Portal

Drupal Revisioning Information Disclosure Security Issue

April 29th, 2014

Application: Drupal
Affected Version: version 7.x-1.7.
Vendor’s URL: Drupal Revisioning
Bug Type: Information Disclosure
Risk Level:

Solution:
Update to version 7.x-1.8.

Content Management, Information Disclosure

WordPress Jetpack Plugin Security Bypass

April 29th, 2014

Application: WordPress
Affected Version: versions prior to 2.9.3.
Vendor’s URL: Jetpack Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 2.9.3.

Access Bypass, Content Management

WordPress Multiple Vulnerabilities

April 29th, 2014

Application: WordPress
Affected Version: versions prior to 3.8.2.
Vendor’s URL: WordPress
Bug Type: Security Bypass, Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 3.8.3.

Access Bypass, Content Management, Cross Site Scripting

WordPress File Gallery Plugin Settings Arbitrary Command Execution

April 29th, 2014

Application: WordPress
Affected Version: version 1.7.9 and other versions
Vendor’s URL: File Gallery Plugin
Bug Type: System Access
Risk Level: Critical

Solution:
Update to version 1.7.9.2.

Access Bypass, Content Management

WordPress Work The Flow File Upload Plugin Arbitrary File Upload

April 29th, 2014

Application: WordPress
Affected Version: version 1.2.2 and other versions.
Vendor’s URL: Work The Flow File Upload Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Quick Page Post Redirect Plugin Cross-Site Request Forgery

April 29th, 2014

Application: WordPress
Affected Version: version 5.0.5 and prior versions.
Vendor’s URL: Quick Page Post Redirect Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Update to version 5.0.6.

Content Management, Cross Site Scripting

WordPress Linenity Theme “imgurl” Arbitrary File Disclosure

April 29th, 2014

Application: WordPress
Affected Version: version 1.2.0 and other versions.
Vendor’s URL: Linenity Theme
Bug Type: File Disclosure
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Information Disclosure

Ektron CMS Two SQL Injection

March 30th, 2014

Application: Ektron CMS
Affected Version: versions prior to 9.00.
Vendor’s URL: Ektron CMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Upgrade to version 9.00 or later.

Content Management, SQL Injection

WordPress Business Intelligence Lite Plugin Arbitrary File Upload

March 30th, 2014

Application: WordPress
Affected Version: version 1.0.6 and other versions.
Vendor’s URL: Business Intelligence Lite Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management, File Inclusion

Netvolution CMS SQL Injection

March 30th, 2014

Application: Netvolution CMS
Affected Version: version 3 and other versions.
Vendor’s URL: Netvolution CMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

Jorjweb “id” SQL Injection

March 30th, 2014

Application: Jorjweb
Affected Version: -
Vendor’s URL: Jorjweb
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

WordPress The Cotton Theme Arbitrary File Upload

March 30th, 2014

Application: WordPress
Affected Version: version 1.1.4 and other versions.
Vendor’s URL: The Cotton Theme
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

Joomla! AJAX Shoutbox Component “jal_lastID” SQL Injection

March 30th, 2014

Application: Joomla!
Affected Version: version 1.6 and prior versions.
Vendor’s URL: AJAX Shoutbox Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.7.

Content Management, SQL Injection

LuxCal Web Calendar Cross-Site Request Forgery and SQL Injection

March 30th, 2014

Application: LuxCal Web Calendar
Affected Version: version 3.2.2 and other versions.
Vendor’s URL: LuxCal Web Calendar
Bug Type: Cross-Site Request Forgery and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting, SQL Injection

WordPress WP SlimStat Plugin URL Script Insertion

March 30th, 2014

Application: WordPress
Affected Version: version 3.5.5 and prior versions.
Vendor’s URL: WP SlimStat Plugin
Bug Type: Script Insertion
Risk Level: Critical

Solution:
Update to version 3.5.6.

Content Management, Cross Site Scripting

WordPress Relevanssi Plugin “category_name” SQL Injection

March 30th, 2014

Application: WordPress
Affected Version: versions prior to 3.3.
Vendor’s URL: Relevanssi Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 3.3 or later.

Content Management, SQL Injection

Ganesha Digital Library Cross-Site Scripting and SQL Injection

March 30th, 2014

Application: Ganesha Digital Library
Affected Version: version 4.2 and other versions.
Vendor’s URL: Ganesha Digital Library
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Cross Site Scripting, SQL Injection

Cory Support “q” SQL Injection

March 30th, 2014

Application: Cory Support
Affected Version: version 1.0 and other versions.
Vendor’s URL: Cory Support
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Customer Relationship, SQL Injection

Joomla! ODude Dir Component Unspecified Vulnerabilities

March 30th, 2014

Application: Joomla!
Affected Version: versions prior to 1.1.
Vendor’s URL: ODude Dir Component
Bug Type: unknown
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management

CosmoShop ePRO Security Bypass

March 30th, 2014

Application: CosmoShop
Affected Version: version 10.17.00 and other versions.
Vendor’s URL: CosmoShop ePRO
Bug Type: Security Bypass
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, E-Commerce

Older Entries

Drupal Revisioning Information Disclosure Security Issue

WordPress Jetpack Plugin Security Bypass

WordPress Multiple Vulnerabilities

WordPress File Gallery Plugin Settings Arbitrary Command Execution

WordPress Work The Flow File Upload Plugin Arbitrary File Upload

WordPress Quick Page Post Redirect Plugin Cross-Site Request Forgery

WordPress Linenity Theme “imgurl” Arbitrary File Disclosure

Ektron CMS Two SQL Injection

WordPress Business Intelligence Lite Plugin Arbitrary File Upload

Netvolution CMS SQL Injection

Jorjweb “id” SQL Injection

WordPress The Cotton Theme Arbitrary File Upload

Joomla! AJAX Shoutbox Component “jal_lastID” SQL Injection

LuxCal Web Calendar Cross-Site Request Forgery and SQL Injection

WordPress WP SlimStat Plugin URL Script Insertion

WordPress Relevanssi Plugin “category_name” SQL Injection

Ganesha Digital Library Cross-Site Scripting and SQL Injection

Cory Support “q” SQL Injection

Joomla! ODude Dir Component Unspecified Vulnerabilities

CosmoShop ePRO Security Bypass

Categories

Archives