Published by TL Guan July 30th, 2007
in Content Management and SQL Injection.
Application: Joomla
Affected Version: 1.5 or other versions may be affected
Vendor’s URL: http://joomlander.net/
Bug Type: SQL Injection
Risk Level: Medium
Solution:
- Disable the component, remove it from the directory and wait for updates or patches from the vendor.
Published by TL Guan July 20th, 2007
in Discussion Boards and File Inclusion.
Application: PHPBB
Affected Version: 1.0.0 or other versions may be affected
Vendor’s URL: SupaNav
Bug Type: File Inclusion
Risk Level: Critical
Solution:
- Edit the source code to make sure input is properly verified
- Update to version 1.1.1
Published by TL Guan July 20th, 2007
in Access Bypass and Content Management.
Application: Drupal
Affected Version: 4.7.0 and 5.x-1.1 or other versions may be affected
Vendor’s URL: http://drupal.org/
Bug Type: Access Bypass
Risk Level: Medium
Solution:
- Update Print to version 4.7.x-1.0.
Published by TL Guan July 20th, 2007
in E-Commerce and Session Hijacking.
Application: Zen Cart
Affected Version: 1.3.7 or other versions may be affected
Vendor’s URL: http://www.zencart.com/
Bug Type: Session Hijacking
Risk Level: Medium
Solution:
- Update to zen-cart-v1.3.7-full-patched-07012007
Published by TL Guan July 12th, 2007
in Access Bypass and Content Management.
Application: Wordpress
Affected Version: Wordpress version <= 2.2 or WordPress MU <= 1.2.2.
Vendor’s URL: http://www.wordpress.org/
Bug Type: Access Bypass
Risk Level: Critical
Solution:
- Update to WordPress 2.2.1 or WordPress MU 1.2.3.
Application: Joomla/Mambo component com_forum
Vendor’s URL: Joomla & Mambo
Bug Type: File Inclusion
Risk Level: High
Solution:
- Best practice for users is to disable the component until the latest version of the component is available and deployed.
Application: OsCommerce
Vendor’s URL: http://www.oscommerce.com/
Bug Type: File Inclusion
Risk Level: High
Solution:
- Users must upgrade or migrate to the latest version of OsCommerce.