Application Affected:
Coppermine Photo Gallery 1.4
Coppermine Photo Gallery 1.3.4
Coppermine Photo Gallery 1.3.3
Coppermine Photo Gallery 1.3.2
Coppermine Photo Gallery 1.3.1
Vendor’s URL: CopperMine HomePage
Bug Type: Input Validation
Risk Level: Medium
Solution: The fix will be included in the newer version of Coppermine Photo Gallery, 1.4.2.
Application Affected:
WordPress 2.1.2
WordPress 2.1.1
WordPress 2.0.10
WordPress 2.0.7
WordPress 2.0.6
WordPress 2.0.5
WordPress 2.0.4
WordPress 2.0.3
WordPress 2.0.2
WordPress 2.0.1
WordPress 2.0
WordPress 2.2 Revision 5003
WordPress 2.2 Revision 5002
WordPress 2.1.3-RC1
WordPress 2.1
WordPress 2.0.10-RC1
Vendor’s URL: WordPress HomePage
Bug Type: Input Validation
Risk Level: Medium
Solution: The fix will be included in the newer version of WordPress, 2.2.2.
Published by David August 24th, 2007
in SQL Injection.
Application: Joomla
Affected Version: Joomla component [SimpleFAQ 2.40]
Vendor’s URL: http://forum.joomla.org/
Bug Type: SQL Injection
Risk Level: Medium
Solution: Edit the source code of the component or contact the developer for the latest update.
Published by David August 24th, 2007
in Cross Site Scripting.
Application: WordPress
Affected Version: WordPress Pool Theme 1.0.7
Vendor’s URL: http://www.lamateporunyogur.net/pool
Bug Type: URL Cross Site Scripting
Risk Level: Low
Solution: Edit the source code of the theme, change to another theme, or contact the theme developer for the latest fixed version.
Published by David August 24th, 2007
in Access Bypass.
Application: Drupal
Affected Version:
* Project module 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3
* Project issue tracking module 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4
Vendor’s URL: http://drupal.org/
Bug Type: Access bypass
Risk Level: Medium
Solution:
- Update the Project module and the Project issue tracking module accordingly.
http://drupal.org/node/168760
Published by David August 17th, 2007
in Cross Site Scripting.
Application: Drupal
Affected Version: Content Construction Kit (CCK) (third-party module) 4.7.x, 5.x
Vendor’s URL: http://drupal.org/
Bug Type: Cross Site Scripts Injection
Risk Level: Critical
Solution:
- Install the latest CCK release corresponding to your Drupal version:
* CCK 4.7.x-1.6.
* CCK 5.x-1.6.
Published by David August 17th, 2007
in Remote Command Execution.
Application: Joomla
Affected Version: 1.5 beta 2
Vendor’s URL: http://www.joomla.org/
Bug Type: Command Execution
Risk Level: Medium
Solution:
Upgrade immediately to the latest stable version, 1.5 RC, which fixes the issue!