Application: Joomla astatsPRO Component
Affected Version: 1.0.1 and other versions.
Vendor’s URL: Joomla astatsPRO Component
Bug Type: SQL Injection
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection

Application: PunBB
Affected Version: 1.2.16 and other versions.
Vendor’s URL: http://www.punbb.org/
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 1.2.17.
Cross Site Scripting, Discussion Boards

Application: Joomla hwdVideoShare Component
Affected Version: 1.1.3 and other versions.
Vendor’s URL: Joomla hwdVideoShare Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection

Application: WordPress WP Photo Album Plugin
Affected Version: 1.0 and prior versions.
Vendor’s URL: http://me.mywebsight.ws/web/wppa/
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.1.
Content Management, SQL Injection

Application: AuraCMS
Affected Version: 2.2.1 and other versions.
Vendor’s URL: http://www.auracms.org/
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Apply the “Update Gallery” patch.
Content Management, SQL Injection

Application: Drupal Header Image Module
Affected Version: Prior to 5.x-1.1.
Vendor’s URL: http://drupal.org/project/headerimage
Bug Type: Access Bypass
Risk Level: Medium
Solution:
Update to version 5.x-1.1.
Access Bypass, Content Management

Application: freePHPgallery
Affected Version: 0.6 and other versions.
Vendor’s URL: http://freephpgallery.mbod.net/
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 0.6.1.
File Inclusion, Image Galleries

Application: WordPress Search Unleashed Plugin
Affected Version: 0.2.10.
Vendor’s URL: http://urbangiraffe.com/plugins/search-unleashed/
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Will be fixed in version 0.2.11.
Content Management, Cross Site Scripting

Application: Joomla! mediaslide Component
Affected Version: 0.5 and other versions.
Vendor’s URL: http://www.kimwoodward.com/downloads.php
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection

Application: Joomla! McQuiz Component
Affected Version: 0.9 Final and other versions.
Vendor’s URL: http://www.mcquizcomponent.com/
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection

Application: Joomla! Quiz Component
Affected Version: 0.81 and other versions.
Vendor’s URL: Joomla! Quiz Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection

Application: WordPress DMSGuestbook Plugin
Affected Version: 1.8.0 and other versions.
Vendor’s URL: WordPress DMSGuestbook Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, Cross Site Scripting

Application: WordPress MU
Affected Version: 1.3.1 and other versions.
Vendor’s URL: http://mu.wordpress.org/
Bug Type: Access Bypass
Risk Level: Critical
Solution:
Update to version 1.3.2 or later.
Access Bypass, Content Management

Application: WordPress
Affected Version: 2.3.2 and other versions.
Vendor’s URL: http://wordpress.org/
Bug Type: Access Bypass
Risk Level: Medium
Solution:
Update to version 2.3.3.
Access Bypass, Content Management

Application: Webmin / Usermin
Affected Version: Webmin 1.390, Usermin 1.320 and other versions.
Vendor’s URL: http://www.webmin.com/
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to Webmin 1.400 or Usermin 1.330.
Cross Site Scripting

Application: PacerCMS
Affected Version: 0.6.2 and other versions.
Vendor’s URL: http://pacercms.sourceforge.net/
Bug Type: Remote Code Execution
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, Remote Command Execution

Application: Joomla! XML-RPC / Blogger API
Affected Version: 1.5 and other versions.
Vendor’s URL: http://www.joomla.org/
Bug Type: Manipulation of Data
Risk Level: Medium
Solution:
Update to version 1.5.1.
Content Management

Application: Simple Machines Forum SMF
Affected Version: 1.16b and other versions.
Vendor’s URL: Simple Machines Forum SMF
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitized.
Cross Site Scripting, Discussion Boards

Application: Joomla! Rapid Recipe Component
Affected Version: 1.6.5 and other versions.
Vendor’s URL: Joomla! Rapid Recipe Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.6.7.
Content Management, SQL Injection

Application: WordPress
Affected Version: 2.2 and other versions.
Vendor’s URL: WordPress WP-Footnotes Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, Cross Site Scripting