Archive

Archive for December, 2007

TikiWiki Multiple Vulnerabilities

December 28th, 2007
No comments

Application: Tikiwiki
Affected Version: Tikiwiki 1.x
Vendor’s URL: Application download page
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 1.9.9.

Cross Site Scripting

SineCms SQL Injection and Script Insertion

December 28th, 2007
No comments

Application: SineCms
Affected Version: SineCms 2.x
Vendor’s URL: Module download page
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 2.2.6 of the Guestbook module and version 2.2.4 of the Calendar module.

Cross Site Scripting, SQL Injection

Drupal Shoutbox Module Script Insertion Vulnerabilities

December 28th, 2007
No comments

Application: Drupal Shoutbox Module
Affected Version: Drupal Shoutbox Module 5.x
Vendor’s URL: Module download page
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
Update to version 5.x-1.1.

Cross Site Scripting

vbDrupal SQL Injection

December 28th, 2007
No comments

Application: vbDrupal
Affected Version: vbDrupal 4.x / 5.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: High

Solution:
Update to version 4.7.9.0 or 5.4.0.

SQL Injection

wpQuiz Two SQL Injection Vulnerabilities

December 28th, 2007
No comments

Application: wpQuiz
Affected Version: wpQuiz 2.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: High

Solution:
Consult the developer for proper action.

SQL Injection

vBTube Cross-Site Scripting Vulnerability

December 28th, 2007
No comments

Application: vBTube (module for vBulletin)
Affected Version: vBTube 1.x
Vendor’s URL: Application page
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
Consult the developer for proper action.

Cross Site Scripting

PHP_CON File Inclusion

December 28th, 2007
No comments

Application: PHP_CON
Affected Version: PHP_CON 1.x
Vendor’s URL: Application download page
Bug Type: Exposure of system /sensitive information
Risk Level: High

Solution:
Consult the developer for proper action.

File Inclusion

Charray’s CMS File Inclusion

December 28th, 2007
No comments

Application: Charray’s CMS
Affected Version: Charray’s CMS 0.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: Low

Solution:
Consult the developer for proper action.

File Inclusion

VU Case Manager SQL Injection Vulnerabilities

December 28th, 2007
No comments

Application: VU Case Manager
Affected Version: VU Case Manager 3.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: High

Solution:
Consult the developer for proper action.

SQL Injection

DevMass Shopping Cart File Inclusion

December 28th, 2007
No comments

Application: DevMass Shopping Cart
Affected Version: DevMass Shopping Cart 1.x
Vendor’s URL: Application download page
Bug Type: Exposure of system / sensitive information
Risk Level: High

Solution:
Edit the source code or consult to developer.

File Inclusion

Content Injector SQL Injection Vulnerability

December 28th, 2007
No comments

Application: Content Injector
Affected Version: Content Injector 1.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: Low

Solution:
Update to version 1.53 or latest.

SQL Injection

PHPKIT SQL Injection Vulnerability

December 28th, 2007
No comments

Application: PHPKIT
Affected Version: PHPKIT 1.x
Vendor’s URL: Application site
Bug Type: Manipulation of data
Risk Level: High

Solution:
Edit the source code to ensure that input is sanitised or consult with provider for proper action.

SQL Injection

SimpleForum “searchkey” Cross-Site Scripting Vulnerability

December 28th, 2007
No comments

Application: SimpleForum
Affected Version: SimpleForum 4.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
Edit the source code or consult to developer.

Cross Site Scripting

mBlog File Inclusion Vulnerability

December 28th, 2007
No comments

Application: mBlog
Affected Version: mBlog 1.x
Vendor’s URL: Application download site
Bug Type: Exposure of sensitive and system information
Risk Level: Critical

Solution:
Edit the source code to ensure that input is sanitised or consult with provider for proper action.

File Inclusion

NmnNewsletter “output” File Inclusion Vulnerability

December 28th, 2007
No comments

Application: NmnNewsletter
Affected Version: NmnNewsletter 1.x
Vendor’s URL: Application site
Bug Type: File Inclusion
Risk Level: High

Solution:
Edit the source code or consult to developer.

File Inclusion

Limbo “com_option” Cross-Site Scripting

December 28th, 2007
No comments

Application: Limbo
Affected Version: Limbo 1.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is sanitised or consult with provider for proper action.

Cross Site Scripting

Gallery Multiple Vulnerabilities

December 28th, 2007
No comments

Application: Gallery
Affected Version: Gallery 2.x
Vendor’s URL: Application site
Bug Type: Exposure of sensitive information, Cross Site Scripting, Security Bypass
Risk Level: Critical

Solution:
Update to version 2.2.4.

Access Bypass, Cross Site Scripting

MailMachinePRO “id” SQL Injection Vulnerability

December 28th, 2007
No comments

Application: MailMachinePRO
Affected Version: MailMachinePRO 2.x
Vendor’s URL: MailMachinePRO site
Bug Type: Exposure of sensitive information, manipulation of data
Risk Level: Critical

Solution:
Edit the source code to ensure that input is sanitised or consult with provider for proper action.
*Update – User are advise to update the version of MailMachinePRO to Version 2.2.6 .

File Inclusion

PMOS Help Desk PHP Code Execution and Security Bypass

December 28th, 2007
No comments

Application: PMOS Help Desk
Affected Version: PMOS Help Desk 2.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting, System bypass
Risk Level: Critical

Solution:
Consult with provider for proper action.

Access Bypass, Cross Site Scripting

Dokeos “My productions” File Upload and Cross-Site Scripting Vulnerabilities

December 28th, 2007
No comments

Application: Dokeos
Affected Version: Dokeos 1.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting, System bypass
Risk Level: Critical

Solution:
Edit the source code to ensure that input is sanitised or consult with provider for proper action.

Access Bypass, Cross Site Scripting