Archive for July, 2007

Joomla Component Pony Gallery SQL Injection

July 30th, 2007

Application: Joomla
Affected Version: 1.5 or other versions may be affected
Vendor’s URL: http://joomlander.net/
Bug Type: SQL Injection
Risk Level: Medium

Solution:
Disable the component, remove it from the directory, and wait for updates or patches from the vendor.

Content Management, SQL Injection

phpBB SupaNav Module File Inclusion

July 20th, 2007

Application: phpBB
Affected Version: 1.0.0 or other versions may be affected
Vendor’s URL: SupaNav
Bug Type: File Inclusion
Risk Level: Critical

Solution:
- Edit the source code to make sure input is properly verified
- Update to version 1.1.1

Discussion Boards, File Inclusion

Drupal Access Restriction Bypass

July 20th, 2007

Application: Drupal
Affected Version: 4.7.0 and 5.x-1.1 or other versions may be affected
Vendor’s URL: http://drupal.org/
Bug Type: Access Bypass
Risk Level: Medium

Solution:
- Update Print to version 4.7.x-1.0.

Access Bypass, Content Management

Zen Cart Vulnerability

July 20th, 2007

Application: Zen Cart
Affected Version: 1.3.7 or other versions may be affected
Vendor’s URL: http://www.zencart.com/
Bug Type: Session Hijacking
Risk Level: Medium

Solution:
- Update to zen-cart-v1.3.7-full-patched-07012007

E-Commerce, Session Hijacking

WordPress Custom Field PHP Script Upload

July 12th, 2007

Application: WordPress
Affected Version: WordPress version <= 2.2 or WordPress MU <= 1.2.2.
Vendor’s URL: http://www.wordpress.org/
Bug Type: Access Bypass
Risk Level: Critical

Solution:
- Update to WordPress 2.2.1 or WordPress MU 1.2.3.

Access Bypass, Content Management

Joomla Mod_Forum Component Remote File Inclusion

July 7th, 2007

Application: Joomla/Mambo component, com_forum 0
Vendor’s URL: Joomla & Mambo
Bug Type: File Inclusion
Risk Level: High

Solution:
The best practice is for users to disable the component until an updated version of the component is available and deployed.

Content Management, File Inclusion

Wrapper.PHP for OsCommerce Local File Include Vulnerability

July 7th, 2007

Application: OsCommerce 0
Vendor’s URL: http://www.oscommerce.com/
Bug Type: File Inclusion
Risk Level: High

Solution:
Users must upgrade or migrate to the latest version of OsCommerce.

Applications, E-Commerce, File Inclusion, Vulnerabilities