Joomla Joomla!12Pictures Component File Inclusion
Application: Joomla
Affected Version: Joomla!12Pictures 1.x
Vendor’s URL: -
Bug Type: Malicious Access
Risk Level: High
Solution:
Edit the source code or look for a patch file.
Application: Joomla
Affected Version: Joomla!FlashFun 1.x
Vendor’s URL: Joomla!FlashFun Homepage
Bug Type: File Inclusion
Risk Level: High
Solution:
Edit the source code and contact the component developer.
Application: PhpBB
Affected Version: Styles Demo Module 1.x
Vendor’s URL: PhpBB Homepage
Bug Type: SQL Injection & Cross Site Scripting
Risk Level: Critical
Solution:
Edit the source code and contact the developer.
Application: Joomla
Affected Version: Nice Talk 0.x
Vendor’s URL: Nice Talk Homepage
Bug Type: SQL Injection Attacks
Risk Level: Critical
Solution:
Edit the source code and ensure the input is sanitised.
Application: Joomla
Affected Version: NeoRecruit 1.x
Vendor’s URL: NeoRecruit DownloadPage
Bug Type: SQL Injection Attack
Risk Level: Critical
Solution:
Update to version 1.4.1.
Application: MediaWiki
Affected Version:
MediaWiki 1.11 <= 1.11.0rc1
MediaWiki 1.10 <= 1.10.1
MediaWiki 1.9 <= 1.9.3
MediaWiki 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on)
Vendor’s URL: MediaWiki HomePage
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 1.11.0, 1.10.2, 1.9.4, or 1.8.5.
Application: Joomla
Affected Version: Restaurante 1.x
Vendor’s URL: Restaurante DownloadPage
Bug Type: Malicious file upload causing script exploit
Risk Level: High
Solution:
Update to the latest version.
Application: WordPress
Affected Version: WordPress 2.x & WordPress MU 1.x
Vendor’s URL: WordPress HomePage
Bug Type: Script Insertion and SQL Injection
Risk Level: Critical
Solution:
Update to WordPress version 2.2.3 & WordPress MU version 1.2.5a.
Application: Invision Power Board
Affected Version: 2.x
Vendor’s URL: Invision Power Board HomePage
Bug Type: Security bypass & Cross site scripting
Risk Level: Medium
Solution:
Download the latest version.
Apply the patch from the vendor, following the instructions given.
Application: Joomla
Affected Version: Joomlaradio 5.x; other versions might be affected
Vendor’s URL: -
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code or consult the vendor.
Application: TinyWebGallery
Affected Version: 1.6.3.4 and other versions
Vendor’s URL: TinyWebGallery HomePage
Bug Type: Remote Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code or consult the application developer.
Application: Coppermine
Affected Version: 1.4.12 and prior versions
Vendor’s URL: http://coppermine-gallery.net/
Bug Type: Cross Site Scripting & Exposure of system information
Risk Level: Medium
Solution:
Update to version 1.4.13.
Application: Mambo
Affected Version: 3.42
Vendor’s URL: http://www.mamboportal.com/
Bug Type: Script Insertion Attacks
Risk Level: Medium
Solution:
Edit the source code of the components or contact the developer for the latest update.