Archive

Archive for April, 2007

MyBB SQL Injection Vulnerability

April 26th, 2007

Application: MyBB
Version: 1.2.5 or earlier
Vendor’s URL: http://www.mybboard.net/
Bug Type: Sql Injection
Risk Level: High

Solution:
- Upgrade to version 1.2.6
- http://community.mybboard.net/showthread.php?tid=18632

Applications, Discussion Boards, SQL Injection

Exponent CMS Information Disclosure

April 23rd, 2007

Application: Exponent CMS
Version: 0.96.6 alpha or earlier
Vendor’s URL: http://www.exponentcms.org/index.php?section=1
Bug Type: Access Bypass
Risk Level: Low

Solution:
- Update to latest version when it is available

Access Bypass, Content Management

Phorum Multiple Vulnerabilities

April 23rd, 2007

Application: Phorum
Version: Prior 5.1.22
Vendor’s URL: http://www.phorum.org/
Bug Type: Cross site attacks and Sql injections
Risk Level: High

Solution:
- Update to version 5.1.22
- Turn off registered_globals

Access Bypass, Cross Site Scripting, SQL Injection

PHP-Nuke Multiple Vulnerabilities

April 23rd, 2007

Application: PHP-Nuke
Version: 7.9 or earlier
Vendor’s URL: http://phpnuke.org/
Bug Type: Sql injections and Access bypassing
Risk Level: Medium

Solution:
- Waiting for updates or patches from vendor
- Set “magic_quotes_gpc” in php.ini to On

Access Bypass, SQL Injection

PhpWiki “UpLoad” Vulnerability

April 17th, 2007

Application: Phpwiki
Version: 1.3.12p3 or earlier
Vendor’s URL: http://phpwiki.sourceforge.net/
Bug Type: Access Bypass
Risk: Medium

Solution:
- Disable the UpLoad functionality by changing the permission of the file “lib/plugin/UpLoad.php” under phpwiki install directory.
- Delete the Upload.php file or move it to protected location.

Access Bypass

UseBB Full Path Disclosure

April 13th, 2007

Application: UseBB
Version: 1.0.5 or earlier
Vendor’s URL: http://www.usebb.net/
Bug Type: Information Leaking
Risk: Low

Criteria:
- “register_globals” is turned on

Solution:
- Upgrade to version 1.0.6
- http://www.usebb.net/community/topic.php?id=1541

Access Bypass

Openads “adclick.php” HTTP Header Injection

April 13th, 2007

Application: OpenAds
Version: 2.0.11-pr1 or earlier
Vendor’s URL: http://www.openads.org/
Bug Type: Cross Site Scripting
Risk: Medium

Solution:
- Update to version 2.0.11-pr1
- http://www.openads.org/downloads.html

Cross Site Scripting

Drupal DB Admin Module Multiple Vulnerabilities

April 13th, 2007

Application: Drupal Database Administration Module
Version: 4.7.x-1.1 or earlier
Vendor’s URL: http://drupal.org/
Bug Type: Cross Site Scripting
Risk: Medium

Solution:
- Update to 4.7.x.-1.2
- http://drupal.org/node/135552

Cross Site Scripting

PunBB Multiple XSS

April 13th, 2007

Application: PunBB
Version: 1.2.14 or early
Vendor’s URL: http://www.punbb.org
Bug Type: Cross Site Scripting
Risk: Low

Criteria: Some exploitations requires administrator privileges.

Solution:
- Update to version 1.2.15
- http://www.punbb.org/downloads.php

Cross Site Scripting

Xoops Module SQL Injection

April 9th, 2007

Application: Xoops Jobs Module
Version: 2.4 or earlier
Vendor’s URL: http://www.xoops.org/
Bug Type: Sql Injection
Risk: Medium

Solution:
- Edit the source code to ensure that input is properly sanitized
- Waiting for official patch or update

SQL Injection

WebSPELL “picture.php” Information Leaking

April 9th, 2007

Application: WebSpell CMS
Version: 4.01.02 or earlier
Vendor’s URL: http://cms.webspell.org/
Bug Type: Information Leaking
Risk: Low

Criteria:
- register_globals must be enabled.
- PHP version prior to 4.3.0 must be used

Solution:
- Waiting for official patch or update
- Edit the source code to ensure the input is properly sanitized

Access Bypass

Xoops Module SQL Injection

April 9th, 2007
Comments Off

Application: Xoops WF-Links Module
Version: 1.03 or earlier
Vendor’s URL: http://www.xoops.org/
Bug Type: Sql Injection
Risk: Medium

Solution:
- Waiting for official patch or update
- Edit the source code to ensure that input is properly sanitized

SQL Injection

Xoops Module SQL Injection

April 9th, 2007

Application: Xoops Rha7 Downloads Module
Version: 1.x
Vendor’s URL: http://www.xoops.org/
Bug Type: Sql Injection
Risk: Medium

Solution:
- Edit the source code to ensure that input is properly sanitized
- Waiting for official patch or update

SQL Injection

Xoops Module SQL Injection

April 9th, 2007

Application: Xoops WF-Snippets Module
Version: WF-Snippets 1.03 or earlier
Vendor’s URL: http://www.xoops.org/
Bug Type: Sql Injections
Risk: Medium

Solution:
- Edit the source code to ensure that input is properly sanitized
- Waiting for official patch or update

SQL Injection