TikiWiki Multiple Vulnerabilities
Application: Tikiwiki
Affected Version: Tikiwiki 1.x
Vendor’s URL: Application download page
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 1.9.9.
Application: SineCms
Affected Version: SineCms 2.x
Vendor’s URL: Module download page
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 2.2.6 of the Guestbook module and version 2.2.4 of the Calendar module.
Application: Drupal Shoutbox Module
Affected Version: Drupal Shoutbox Module 5.x
Vendor’s URL: Module download page
Bug Type: Cross Site Scripting
Risk Level: Low
Solution:
Update to version 5.x-1.1.
Application: vbDrupal
Affected Version: vbDrupal 4.x / 5.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: High
Solution:
Update to version 4.7.9.0 or 5.4.0.
Application: wpQuiz
Affected Version: wpQuiz 2.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: High
Solution:
Consult the developer for proper action.
Application: vBTube (module for vBulletin)
Affected Version: vBTube 1.x
Vendor’s URL: Application page
Bug Type: Cross Site Scripting
Risk Level: Low
Solution:
Consult the developer for proper action.
Application: PHP_CON
Affected Version: PHP_CON 1.x
Vendor’s URL: Application download page
Bug Type: Exposure of system / sensitive information
Risk Level: High
Solution:
Consult the developer for proper action.
Application: Charray’s CMS
Affected Version: Charray’s CMS 0.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: Low
Solution:
Consult the developer for proper action.
Application: VU Case Manager
Affected Version: VU Case Manager 3.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: High
Solution:
Consult the developer for proper action.
Application: DevMass Shopping Cart
Affected Version: DevMass Shopping Cart 1.x
Vendor’s URL: Application download page
Bug Type: Exposure of system / sensitive information
Risk Level: High
Solution:
Edit the source code or consult the developer.
Application: Content Injector
Affected Version: Content Injector 1.x
Vendor’s URL: Application download page
Bug Type: SQL Injection
Risk Level: Low
Solution:
Update to version 1.53 or latest.
Application: PHPKIT
Affected Version: PHPKIT 1.x
Vendor’s URL: Application site
Bug Type: Manipulation of data
Risk Level: High
Solution:
Edit the source code to ensure that input is sanitised, or consult the provider for proper action.
Application: SimpleForum
Affected Version: SimpleForum 4.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting
Risk Level: Low
Solution:
Edit the source code or consult the developer.
Application: mBlog
Affected Version: mBlog 1.x
Vendor’s URL: Application download site
Bug Type: Exposure of sensitive and system information
Risk Level: Critical
Solution:
Edit the source code to ensure that input is sanitised, or consult the provider for proper action.
Application: NmnNewsletter
Affected Version: NmnNewsletter 1.x
Vendor’s URL: Application site
Bug Type: File Inclusion
Risk Level: High
Solution:
Edit the source code or consult the developer.
Application: Limbo
Affected Version: Limbo 1.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Edit the source code to ensure that input is sanitised, or consult the provider for proper action.
Application: Gallery
Affected Version: Gallery 2.x
Vendor’s URL: Application site
Bug Type: Exposure of sensitive information, Cross Site Scripting, Security Bypass
Risk Level: Critical
Solution:
Update to version 2.2.4.
Application: MailMachinePRO
Affected Version: MailMachinePRO 2.x
Vendor’s URL: MailMachinePRO site
Bug Type: Exposure of sensitive information, manipulation of data
Risk Level: Critical
Solution:
Edit the source code to ensure that input is sanitised, or consult the provider for proper action.
*Update: Users are advised to update MailMachinePRO to version 2.2.6.
Application: PMOS Help Desk
Affected Version: PMOS Help Desk 2.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting, System bypass
Risk Level: Critical
Solution:
Consult the provider for proper action.
Application: Dokeos
Affected Version: Dokeos 1.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting, System bypass
Risk Level: Critical
Solution:
Edit the source code to ensure that input is sanitised, or consult the provider for proper action.