Archive for November, 2007

IceBB “X-Forwarded-For” SQL Injection

Application: IceBB
Affected Version: IceBB 1.x
Vendor’s URL: Application site
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code or consult with provider for proper action.

AutoIndex PHP Script “index.php” URL Cross-Site Scripting

Application: AutoIndex PHP Script
Affected Version: AutoIndex PHP Script 2.x
Vendor’s URL: Application download site
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
Update to version 2.2.3.

Eggblog “rss.php” URL Cross-Site Scripting

Application: Eggblog
Affected Version: Eggblog 3.x
Vendor’s URL: Application site
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Update to version 3.1.1.

Coppermine Photo Gallery “data” Cross-Site Scripting

Application: Coppermine Photo Gallery
Affected Version: Coppermine Photo Gallery 1.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
Update to version 1.4.14.

SugarCRM Module Builder “file” Vulnerability

Application: SugarCRM - Module Builder
Affected Version: Module Builder 4.x
Vendor’s URL: Application site
Bug Type: Exposure of sensitive / system information
Risk Level: Critical

Solution:
Update to version 4.5.1.d.

SyndeoCMS “cmsdir” File Inclusion Vulnerability

Application: SyndeoCMS
Affected Version: SyndeoCMS 2.x
Vendor’s URL: Application site
Bug Type: Access Bypass
Risk Level: Low

Solution:
Update to version 2.5.01.

Helios Calendar “username” Cross-Site Scripting Vulnerability

Application: Helios Calendar
Affected Version: Helios Calendar 1.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
Apply the latest patch provided officially.

NetCommons Cross-Site Scripting Vulnerability

Application: NetCommons
Affected Version: NetCommons 1.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
Update to version 1.0.11 or 1.1.2.

sBlog Cross-Site Request Forgery Vulnerability

Application: sBlog
Affected Version: sBlog 0.x
Vendor’s URL: Application download site
Bug Type: Cross Site Scripting
Risk Level: High

Solution:
Contact the provider for proper action.

CONTENTCustomizer “dialog.php” Information Disclosure

Application: CONTENTCustomizer
Affected Version: CONTENTCustomizer 3.x
Vendor’s URL: Application site
Bug Type: Exposure of sensitive information
Risk Level: Critical

Solution:
Contact the provider for proper action.

PHP-AGTC membership system adduser.php Security Bypass

Application: PHP-AGTC
Affected Version: PHP-AGTC 1.x
Vendor’s URL: Application download site
Bug Type: Security Bypass
Risk Level: High

Solution:
Restrict access to adduser.php via .htaccess, or contact the provider for proper action.

WordPress “posts_columns” Cross-Site Scripting

Application: WordPress
Affected Version: WordPress 2.3
Vendor’s URL: Application download site
Bug Type: Cross Site Scripting
Risk Level: High

Solution:
Update to version 2.3.1.

phpBB Multi-Forums Module Vulnerabilities

Application: phpBB
Affected Version: phpBB Multi-Forums 1.x
Vendor’s URL: Software site
Bug Type: SQL injection
Risk Level: Critical

Solution:
Edit the source code or consult software provider for proper action.

Simple PHP Blog Multiple Vulnerabilities

Application: Simple PHP Blog
Affected Version: Simple PHP Blog 0.x
Vendor’s URL: Application download site
Bug Type: Security Bypass, Cross Site Scripting, Exposure of system information
Risk Level: Critical

Solution:
Consult the application provider for proper action.

CandyPress “msg” Cross-Site Scripting Vulnerability

Application: CandyPress
Affected Version: CandyPress 4.x
Vendor’s URL: Software site
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
Edit the source code or consult software provider.