Application: Joomla
Affected Version: 1.5 or other versions may be affected
Vendor’s URL: http://joomlander.net/
Bug Type: SQL Injection
Risk Level: Medium
Solution:
Disable the component, remove it from the directory, and wait for updates or patches from the vendor.
Content Management, SQL Injection
Application: phpBB
Affected Version: 1.0.0 or other versions may be affected
Vendor’s URL: SupaNav
Bug Type: File Inclusion
Risk Level: Critical
Solution:
- Edit the source code to make sure input is properly verified
- Update to version 1.1.1
Discussion Boards, File Inclusion
Application: Drupal
Affected Version: 4.7.0 and 5.x-1.1 or other versions may be affected
Vendor’s URL: http://drupal.org/
Bug Type: Access Bypass
Risk Level: Medium
Solution:
- Update Print to version 4.7.x-1.0.
Access Bypass, Content Management
Application: Zen Cart
Affected Version: 1.3.7 or other versions may be affected
Vendor’s URL: http://www.zencart.com/
Bug Type: Session Hijacking
Risk Level: Medium
Solution:
- Update to zen-cart-v1.3.7-full-patched-07012007
E-Commerce, Session Hijacking
Application: WordPress
Affected Version: WordPress version <= 2.2 or WordPress MU <= 1.2.2.
Vendor’s URL: http://www.wordpress.org/
Bug Type: Access Bypass
Risk Level: Critical
Solution:
- Update to WordPress 2.2.1 or WordPress MU 1.2.3.
Access Bypass, Content Management
Application: Joomla/Mambo component, com_forum com_forum 0
Vendor’s URL: Joomla & Mambo
Bug Type: File Inclusion
Risk Level: High
Solution:
Best practice is for users to disable the component until an updated version of the component is available and deployed.
Content Management, File Inclusion
Application: OsCommerce 0
Vendor’s URL: http://www.oscommerce.com/
Bug Type: File Inclusion
Risk Level: High
Solution:
Users must upgrade or migrate to the latest version of OsCommerce.
Applications, E-Commerce, File Inclusion, Vulnerabilities