TikiWiki Multiple Vulnerabilities
December 28th, 2007
Application: Tikiwiki
Affected Version: Tikiwiki 1.x
Vendor’s URL: Application download page
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 1.9.9.
Archive
Archive for December, 2007
SineCms SQL Injection and Script Insertion
December 28th, 2007
Application: SineCms
Affected Version: SineCms 2.x
Vendor’s URL: Module download page
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 2.2.6 of the Guestbook module and version 2.2.4 of the Calendar module.
Drupal Shoutbox Module Script Insertion Vulnerabilities
December 28th, 2007
Application: Drupal Shoutbox Module
Affected Version: Drupal Shoutbox Module 5.x
Vendor’s URL: Module download page
Bug Type: Cross Site Scripting
Risk Level: Low
Solution:
Update to version 5.x-1.1.
vbDrupal SQL Injection
December 28th, 2007
Application: vbDrupal
Affected Version: vbDrupal 4.x / 5.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: High
Solution:
Update to version 4.7.9.0 or 5.4.0.
wpQuiz Two SQL Injection Vulnerabilities
December 28th, 2007
Application: wpQuiz
Affected Version: wpQuiz 2.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: High
Solution:
Consult the developer for proper action.
vBTube Cross-Site Scripting Vulnerability
December 28th, 2007
Application: vBTube (module for vBulletin)
Affected Version: vBTube 1.x
Vendor’s URL: Application page
Bug Type: Cross Site Scripting
Risk Level: Low
Solution:
Consult the developer for proper action.
PHP_CON File Inclusion
December 28th, 2007
Application: PHP_CON
Affected Version: PHP_CON 1.x
Vendor’s URL: Application download page
Bug Type: Exposure of system /sensitive information
Risk Level: High
Solution:
Consult the developer for proper action.
Charray’s CMS File Inclusion
December 28th, 2007
Application: Charray’s CMS
Affected Version: Charray’s CMS 0.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: Low
Solution:
Consult the developer for proper action.
VU Case Manager SQL Injection Vulnerabilities
December 28th, 2007
Application: VU Case Manager
Affected Version: VU Case Manager 3.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: High
Solution:
Consult the developer for proper action.
DevMass Shopping Cart File Inclusion
December 28th, 2007
Application: DevMass Shopping Cart
Affected Version: DevMass Shopping Cart 1.x
Vendor’s URL: Application download page
Bug Type: Exposure of system / sensitive information
Risk Level: High
Solution:
Edit the source code or consult to developer.
Content Injector SQL Injection Vulnerability
December 28th, 2007
Application: Content Injector
Affected Version: Content Injector 1.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: Low
Solution:
Update to version 1.53 or latest.
PHPKIT SQL Injection Vulnerability
December 28th, 2007
Application: PHPKIT
Affected Version: PHPKIT 1.x
Vendor’s URL: Application site
Bug Type: Manipulation of data
Risk Level: High
Solution:
Edit the source code to ensure that input is sanitised or consult with provider for proper action.
SimpleForum “searchkey” Cross-Site Scripting Vulnerability
December 28th, 2007
Application: SimpleForum
Affected Version: SimpleForum 4.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting
Risk Level: Low
Solution:
Edit the source code or consult to developer.
mBlog File Inclusion Vulnerability
December 28th, 2007
Application: mBlog
Affected Version: mBlog 1.x
Vendor’s URL: Application download site
Bug Type: Exposure of sensitive and system information
Risk Level: Critical
Solution:
Edit the source code to ensure that input is sanitised or consult with provider for proper action.
NmnNewsletter “output” File Inclusion Vulnerability
December 28th, 2007
Application: NmnNewsletter
Affected Version: NmnNewsletter 1.x
Vendor’s URL: Application site
Bug Type: File Inclusion
Risk Level: High
Solution:
Edit the source code or consult to developer.
Limbo “com_option” Cross-Site Scripting
December 28th, 2007
Application: Limbo
Affected Version: Limbo 1.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Edit the source code to ensure that input is sanitised or consult with provider for proper action.
Gallery Multiple Vulnerabilities
December 28th, 2007
Application: Gallery
Affected Version: Gallery 2.x
Vendor’s URL: Application site
Bug Type: Exposure of sensitive information, Cross Site Scripting, Security Bypass
Risk Level: Critical
Solution:
Update to version 2.2.4.
MailMachinePRO “id” SQL Injection Vulnerability
December 28th, 2007
Application: MailMachinePRO
Affected Version: MailMachinePRO 2.x
Vendor’s URL: MailMachinePRO site
Bug Type: Exposure of sensitive information, manipulation of data
Risk Level: Critical
Solution:
Edit the source code to ensure that input is sanitised or consult with provider for proper action.
*Update – User are advise to update the version of MailMachinePRO to Version 2.2.6 .
PMOS Help Desk PHP Code Execution and Security Bypass
December 28th, 2007
Application: PMOS Help Desk
Affected Version: PMOS Help Desk 2.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting, System bypass
Risk Level: Critical
Solution:
Consult with provider for proper action.
Dokeos “My productions” File Upload and Cross-Site Scripting Vulnerabilities
December 28th, 2007
Application: Dokeos
Affected Version: Dokeos 1.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting, System bypass
Risk Level: Critical
Solution:
Edit the source code to ensure that input is sanitised or consult with provider for proper action.