Exabytes Security Portal

Ektron CMS Two SQL Injection

March 30th, 2014

Application: Ektron CMS
Affected Version: versions prior to 9.00.
Vendor’s URL: Ektron CMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Upgrade to version 9.00 or later.

Content Management, SQL Injection

WordPress Business Intelligence Lite Plugin Arbitrary File Upload

March 30th, 2014

Application: WordPress
Affected Version: version 1.0.6 and other versions.
Vendor’s URL: Business Intelligence Lite Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management, File Inclusion

Netvolution CMS SQL Injection

March 30th, 2014

Application: Netvolution CMS
Affected Version: version 3 and other versions.
Vendor’s URL: Netvolution CMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

Jorjweb “id” SQL Injection

March 30th, 2014

Application: Jorjweb
Affected Version: -
Vendor’s URL: Jorjweb
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

WordPress The Cotton Theme Arbitrary File Upload

March 30th, 2014

Application: WordPress
Affected Version: version 1.1.4 and other versions.
Vendor’s URL: The Cotton Theme
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

Joomla! AJAX Shoutbox Component “jal_lastID” SQL Injection

March 30th, 2014

Application: Joomla!
Affected Version: version 1.6 and prior versions.
Vendor’s URL: AJAX Shoutbox Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.7.

Content Management, SQL Injection

LuxCal Web Calendar Cross-Site Request Forgery and SQL Injection

March 30th, 2014

Application: LuxCal Web Calendar
Affected Version: version 3.2.2 and other versions.
Vendor’s URL: LuxCal Web Calendar
Bug Type: Cross-Site Request Forgery and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting, SQL Injection

WordPress WP SlimStat Plugin URL Script Insertion

March 30th, 2014

Application: WordPress
Affected Version: version 3.5.5 and prior versions.
Vendor’s URL: WP SlimStat Plugin
Bug Type: Script Insertion
Risk Level: Critical

Solution:
Update to version 3.5.6.

Content Management, Cross Site Scripting

WordPress Relevanssi Plugin “category_name” SQL Injection

March 30th, 2014

Application: WordPress
Affected Version: versions prior to 3.3.
Vendor’s URL: Relevanssi Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 3.3 or later.

Content Management, SQL Injection

Ganesha Digital Library Cross-Site Scripting and SQL Injection

March 30th, 2014

Application: Ganesha Digital Library
Affected Version: version 4.2 and other versions.
Vendor’s URL: Ganesha Digital Library
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Cross Site Scripting, SQL Injection

Cory Support “q” SQL Injection

March 30th, 2014

Application: Cory Support
Affected Version: version 1.0 and other versions.
Vendor’s URL: Cory Support
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Customer Relationship, SQL Injection

Joomla! ODude Dir Component Unspecified Vulnerabilities

March 30th, 2014

Application: Joomla!
Affected Version: versions prior to 1.1.
Vendor’s URL: ODude Dir Component
Bug Type: unknown
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management

CosmoShop ePRO Security Bypass

March 30th, 2014

Application: CosmoShop
Affected Version: version 10.17.00 and other versions.
Vendor’s URL: CosmoShop ePRO
Bug Type: Security Bypass
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, E-Commerce

Joomla! Multiple Vulnerabilities

February 28th, 2014

Application: Joomla!
Affected Version: versions 2.5.18, 3.2.1 and 3.2.2
Vendor’s URL: Joomla!
Bug Type: Security Bypass, Cross Site Scripting, SQL Injection
Risk Level: Critical

Solution:
Update to version 2.5.19 or 3.2.3.

Access Bypass, Content Management, Cross Site Scripting, SQL Injection

WordPress Search Everything Plugin SQL Injection

February 28th, 2014

Application: WordPress
Affected Version: version 7.0.2 and prior versions.
Vendor’s URL: Search Everything Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 7.0.3 or later.

Content Management, SQL Injection

Drupal Slickgrid Module Security Bypass Security Issue

February 28th, 2014

Application: Drupal
Affected Version: 7.x-1.x versions prior to 7.x-2.0.
Vendor’s URL: Slickgrid Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 7.x-2.0.

Access Bypass, Content Management

WordPress AdRotate Plugin “track” SQL Injection

February 28th, 2014

Application: WordPress
Affected Version: AdRotate Free version 3.9.4 and reported in AdRotate Pro versions prior to 3.9.6.
Vendor’s URL: AdRotate Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to a fixed version.

Content Management, SQL Injection

WordPress BuddyPress Plugin Script Insertion and Security Bypass

February 28th, 2014

Application: WordPress
Affected Version: version 1.9.1 and prior versions.
Vendor’s URL: BuddyPress Plugin
Bug Type: Script Insertion and Security Bypass
Risk Level: Critical

Solution:
Update to version 1.9.2.

Access Bypass, Content Management, Cross Site Scripting

WordPress Kiddo Theme “uploadify.php” Arbitrary File Upload

February 28th, 2014

Application: WordPress
Affected Version:
Vendor’s URL: Kiddo Theme
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

Zabbix API User Spoofing and Security Bypass

February 28th, 2014

Application: Zabbix
Affected Version: versions prior to 2.0.11 and 2.2.2.
Vendor’s URL: Zabbix
Bug Type: User Spoofing and Security Bypass
Risk Level: Critical

Solution:
Update to version 2.0.11 or 2.2.2.

Access Bypass

Ektron CMS Two SQL Injection

WordPress Business Intelligence Lite Plugin Arbitrary File Upload

Netvolution CMS SQL Injection

Jorjweb “id” SQL Injection

WordPress The Cotton Theme Arbitrary File Upload

Joomla! AJAX Shoutbox Component “jal_lastID” SQL Injection

LuxCal Web Calendar Cross-Site Request Forgery and SQL Injection

WordPress WP SlimStat Plugin URL Script Insertion

WordPress Relevanssi Plugin “category_name” SQL Injection

Ganesha Digital Library Cross-Site Scripting and SQL Injection

Cory Support “q” SQL Injection

Joomla! ODude Dir Component Unspecified Vulnerabilities

CosmoShop ePRO Security Bypass

Joomla! Multiple Vulnerabilities

WordPress Search Everything Plugin SQL Injection

Drupal Slickgrid Module Security Bypass Security Issue

WordPress AdRotate Plugin “track” SQL Injection

WordPress BuddyPress Plugin Script Insertion and Security Bypass

WordPress Kiddo Theme “uploadify.php” Arbitrary File Upload

Zabbix API User Spoofing and Security Bypass

Categories

Archives