Categories

Applications (151)
Blogs (3)
Content Management (101)
Customer Relationship (2)
Discussion Boards (19)
E-Commerce (8)
General Purpose Directories (1)
Image Galleries (15)
Mailing Lists (1)
Tips (3)
Vulnerabilities (249)
Access Bypass (42)
Cross Site Scripting (94)
Denial Of Service (2)
File Inclusion (40)
Information Disclosure (13)
Privilege Escalation (2)
Remote Command Execution (12)
Session Hijacking (1)
SQL Injection (84)

Archive for June, 2007

Joomla JEvents Component Remote File Include

Published by TL Guan June 21st, 2007 in Content Management and File Inclusion.

Application: Joomla
Affected Version: Joomla JEvents Component 1.4.1
Vendor’s URL: http://www.joomla.org/
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to make sure input is properly verified
Disable the component, remove it from directory and wait for updates or patches from vendor

PHPMailer Remote Command Execution

Published by TL Guan June 21st, 2007 in Mailing Lists and Remote Command Execution.

Application: PHPMailer
Affected Version: 1.73 or other versions may be affected
Vendor’s URL: http://phpmailer.sourceforge.net/
Bug Type: Remote Command Execution
Risk Level: Critical

Solution:
Edit the source code to make sure input is properly verified
Stop using this application until patch is released.
Waiting for updates or patches from vendor

PHP Live! Request.PHP Cross-Site Scripting

Published by TL Guan June 21st, 2007 in Cross Site Scripting and Customer Relationship.

Application: PHP Live!
Affected Version: 3.2.2 or other versions may be affected
Vendor’s URL: http://www.phplivesupport.com/
Bug Type: Cross-Site Scripting
Risk Level: Medium

Solution:
Waiting for updates or patches from vendor

WordPress XML-RPC SQL Injection

Published by TL Guan June 21st, 2007 in Content Management and SQL Injection.

Application: Wordpress
Affected Version: 2.2 or earlier
Vendor’s URL: http://www.wordpress.org/
Bug Type: SQL Injection
Risk Level: Medium

Solution:
Waiting for updates or patches from vendor

YaBB CRLF Injection Privilege Escalation

Published by TL Guan June 15th, 2007 in Discussion Boards and Privilege Escalation.

Application: YABB Forum
Affected Version: 2.1 or other versions may be affected
Vendor’s URL: http://www.yabbforum.com/
Bug Type: Privilege Escalation
Risk Level: Critical

Solution:
Apply patch.
http://www.yabbforum.com/community/?board=general;action=display;num=1181678785

Xoops XT-Conteudo Module “spaw_root” Vulnerability

Published by TL Guan June 15th, 2007 in Content Management and File Inclusion.

Application: XT-Conteudo 1.x (module for Xoops)
Affected Version: 3 or other version may be affected
Vendor’s URL: http://www.xoops.org/
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to make sure input is properly verified
Disable the module, remove it from directory and wait for updates or patches from vendor

Xoops Cjay Content WYSIWYG IE Module Vulnerability

Published by TL Guan June 15th, 2007 in Content Management and File Inclusion.

Application: Cjay Content WYSIWYG IE 3.x (module for Xoops)
Affected Version: 3 or other versions may be affected
Vendor’s URL: http://www.xoops.org/
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to make sure input is properly verified
Disable the module, remove it from directory and wait for updates or patches from vendor

About

You are currently browsing the Exabytes Security Portal weblog archives for the month June, 2007.

Longer entries are truncated. Click the headline of an entry to read it in its entirety.

Subscribe

Latest

Archives



Valid XHTML 1.0 Transitional