Archive for October, 2007

Drupal Token Module Script Insertion Vulnerability

Application: Drupal
Affected Version: Drupal Token 4.x / 5.x
Vendor’s URL: Module download site
Bug Type: Cross Site Scripting.
Risk Level: Low

Solution:
Update to version 4.7.x-1.5 or 5.x-1.9, or the latest version.

Artmedic CMS ‘page’ Local File Inclusion

Application: Artmedic CMS
Affected Version: Artmedic CMS 3.x
Vendor’s URL: Application download site
Bug Type: Exposure of system and sensitive information.
Risk Level: Critical

Solution:
Edit the source code or contact the developer.

RunCms newbb_plus Vulnerability

Application: RunCms
Affected Version: RunCms 1.5.2
Vendor’s URL: Application download site
Bug Type: Unknown error has been detected.
Risk Level: Critical

Solution:
Update to version 1.5.3 or higher.

LiveAlbum ‘livealbum_dir’ File Inclusion Vulnerability

Application: LiveAlbum
Affected Version: LiveAlbum 0.9.1
Vendor’s URL: Application download site
Bug Type: Exposure of system and sensitive information.
Risk Level: Critical

Solution:
Edit the source code or contact the developer.

Stuffed Tracker ‘GLink’ Cross-Site Scripting Vulnerability

Application: Stuffed Tracker
Affected Version: Stuffed Tracker 2.x
Vendor’s URL: Application download site
Bug Type: Cross Site Scripting.
Risk Level: Low

Solution:
Edit the source code or contact the developer.

Minki Cross-Site Scripting Vulnerability

Application: Minki
Affected Version: Minki 1.x
Vendor’s URL: Application download site
Bug Type: Cross Site Scripting.
Risk Level: Low

Solution:
Edit the source code or contact the developer.

DbList ‘dblisttest.asp’ Multiple Cross-Site Scripting

Application: DbList
Affected Version: DbList 8.x
Vendor’s URL: Application download site
Bug Type: Cross Site Scripting.
Risk Level: Critical

Solution:
Edit the source code or contact the developer.

DRBGuestbook ‘action’ Cross-Site Scripting Vulnerability

Application: DRBGuestbook
Affected Version: DRBGuestbook 1.x
Vendor’s URL: Application download site
Bug Type: Cross Site Scripting.
Risk Level: Low

Solution:
Update to version 1.1.14 or higher.

Drupal Project Issue Tracking Module Subscription Form Script Insertion

Application: Drupal
Affected Version: Drupal Project Issue Tracking Module 4.x / 5.x
Vendor’s URL: Module download site
Bug Type: Cross Site Scripting.
Risk Level: Low

Solution:
Update to version 4.7.x-1.5, 4.7.x-2.5, or 5.x-1.1.

Original Photo Gallery ‘exif_prog’ Arbitrary Command Execution

Application: Original Photo Gallery
Affected Version: Original Photo Gallery 0.11.2 and prior versions
Vendor’s URL: Application download site
Bug Type: Remote system access bypass.
Risk Level: Critical

Solution:
Update to version 0.11.3.

PHP-Nuke Dance Music Module Local File Inclusion

Application: PHP-Nuke
Affected Version: PHP-Nuke Dance Music Module
Vendor’s URL: Module download site
Bug Type: Exposure of system and sensitive information.
Risk Level: Critical

Solution:
Edit the source code or contact the module developer.

SimpGB Multiple Vulnerabilities

Application: SimpGB
Affected Version: SimpGB 1.x
Vendor’s URL: Application download site
Bug Type: Cross Site Scripting, Security Bypass and Exposure of sensitive information.
Risk Level: High

Solution:
Update to the latest version.

Simple PHP Blog XSS and File Upload Vulnerabilities

Application: Simple PHP Blog
Affected Version: Simple PHP Blog 0.x
Vendor’s URL: Application download site
Bug Type: Cross Site Scripting.
Risk Level: Critical

Solution:
Update to version 0.5.1.

phpBB2 Plus ‘phpbb_root_path’ Multiple File Inclusion

Application: phpBB2
Affected Version: phpBB2 Plus 1.x
Vendor’s URL: Application download site
Bug Type: Exposure of system and sensitive information.
Risk Level: High

Solution:
Update to version 1.53a.

Wordsmith File Inclusion

Application: Wordsmith
Affected Version: Wordsmith 1.x
Vendor’s URL: Application download site
Bug Type: Exposure of system and sensitive information.
Risk Level: High

Solution:
Edit the source code or contact the developer.

CMS Made Simple Multiple Vulnerabilities

Application: CMS Made Simple
Affected Version: CMS Made Simple 1.x
Vendor’s URL: Application download site
Bug Type: Exposure of system information and Cross Site Scripting
Risk Level: High

Solution:
Update to version 1.1.4.1.

PHP-Nuke Nuke Mobile Entertainment Module Local File Inclusion

Application: PHP-Nuke
Affected Version: PHP-Nuke Nuke Mobile Entertainment Module
Vendor’s URL: Module download site
Bug Type: Exposure of system and sensitive information
Risk Level: Low

Solution:
Edit the source code or contact the developer.

PhpGedView Multiple XSS Vulnerabilities

Application: PhpGedView
Affected Version: PhpGedView 4.x
Vendor’s URL: Application download site
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
Edit the source code or contact the developer.

Phormer Multiple Cross Site Scripting

Application: Phormer
Affected Version: Phormer 3.x
Vendor’s URL: Application download site
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
Edit the source code or contact the developer.

OneCMS ‘abc’ SQL Injection

Application: OneCMS
Affected Version: OneCMS 2.x
Vendor’s URL: Application download site
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code or contact the developer.