Exabytes Security Portal
Application: Tikiwiki
Affected Version: Tikiwiki 1.x
Vendor’s URL: Application download page
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 1.9.9.
Application: SineCms
Affected Version: SineCms 2.x
Vendor’s URL: Module download page
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 2.2.6 of the Guestbook module and version 2.2.4 of the Calendar module.
Application: Drupal Shoutbox Module
Affected Version: Drupal Shoutbox Module 5.x
Vendor’s URL: Module download page
Bug Type: Cross Site Scripting
Risk Level: Low
Solution:
Update to version 5.x-1.1.
Application: vbDrupal
Affected Version: vbDrupal 4.x / 5.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: High
Solution:
Update to version 4.7.9.0 or 5.4.0.
Application: wpQuiz
Affected Version: wpQuiz 2.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: High
Solution:
Consult the developer for proper action.
Application: vBTube (module for vBulletin)
Affected Version: vBTube 1.x
Vendor’s URL: Application page
Bug Type: Cross Site Scripting
Risk Level: Low
Solution:
Consult the developer for proper action.
Application: PHP_CON
Affected Version: PHP_CON 1.x
Vendor’s URL: Application download page
Bug Type: Exposure of system / sensitive information
Risk Level: High
Solution:
Consult the developer for proper action.
Application: Charray’s CMS
Affected Version: Charray’s CMS 0.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: Low
Solution:
Consult the developer for proper action.
Application: VU Case Manager
Affected Version: VU Case Manager 3.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: High
Solution:
Consult the developer for proper action.
Application: DevMass Shopping Cart
Affected Version: DevMass Shopping Cart 1.x
Vendor’s URL: Application download page
Bug Type: Exposure of system / sensitive information
Risk Level: High
Solution:
Edit the source code or consult the developer.
Application: Content Injector
Affected Version: Content Injector 1.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: Low
Solution:
Update to version 1.53 or the latest version.
Application: PHPKIT
Affected Version: PHPKIT 1.x
Vendor’s URL: Application site
Bug Type: Manipulation of data
Risk Level: High
Solution:
Edit the source code to ensure that input is sanitised or consult with the provider for proper action.
Application: SimpleForum
Affected Version: SimpleForum 4.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting
Risk Level: Low
Solution:
Edit the source code or consult the developer.
Application: mBlog
Affected Version: mBlog 1.x
Vendor’s URL: Application download site
Bug Type: Exposure of sensitive and system information
Risk Level: Critical
Solution:
Edit the source code to ensure that input is sanitised or consult with the provider for proper action.
Application: NmnNewsletter
Affected Version: NmnNewsletter 1.x
Vendor’s URL: Application site
Bug Type: File Inclusion
Risk Level: High
Solution:
Edit the source code or consult the developer.
Application: Limbo
Affected Version: Limbo 1.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Edit the source code to ensure that input is sanitised or consult with the provider for proper action.
Application: Gallery
Affected Version: Gallery 2.x
Vendor’s URL: Application site
Bug Type: Exposure of sensitive information, Cross Site Scripting, Security Bypass
Risk Level: Critical
Solution:
Update to version 2.2.4.
Application: MailMachinePRO
Affected Version: MailMachinePRO 2.x
Vendor’s URL: MailMachinePRO site
Bug Type: Exposure of sensitive information, manipulation of data
Risk Level: Critical
Solution:
Edit the source code to ensure that input is sanitised or consult with the provider for proper action.
*Update - Users are advised to update MailMachinePRO to version 2.2.6.
Application: PMOS Help Desk
Affected Version: PMOS Help Desk 2.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting, System bypass
Risk Level: Critical
Solution:
Consult with the provider for proper action.
Application: Dokeos
Affected Version: Dokeos 1.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting, System bypass
Risk Level: Critical
Solution:
Edit the source code to ensure that input is sanitised or consult with the provider for proper action.
You are currently browsing the Exabytes Security Portal weblog archives for the month December, 2007.
