Categories

Applications (151)
Blogs (3)
Content Management (101)
Customer Relationship (2)
Discussion Boards (19)
E-Commerce (8)
General Purpose Directories (1)
Image Galleries (15)
Mailing Lists (1)
Tips (3)
Vulnerabilities (249)
Access Bypass (42)
Cross Site Scripting (94)
Denial Of Service (2)
File Inclusion (40)
Information Disclosure (13)
Privilege Escalation (2)
Remote Command Execution (12)
Session Hijacking (1)
SQL Injection (84)

Archive for March, 2008

Joomla Alberghi Component “id” SQL Injection

Published by TL Guan March 21st, 2008 in Content Management and SQL Injection.

Application: Joomla Alberghi Component
Affected Version: 2.1.3 SR and other version.
Vendor’s URL: Joomla Alberghi Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Joomla Joovideo Component “id” SQL Injection

Published by TL Guan March 21st, 2008 in Content Management and SQL Injection.

Application: Joomla Joovideo Component
Affected Version: 1.2.2 PRO and other versions.
Vendor’s URL: Joomla Joovideo Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Gallarific Multiple Vulnerabilities

Published by TL Guan March 21st, 2008 in Access Bypass, Cross Site Scripting and Image Galleries.

Application: Gallarific
Affected Version: Gallarific Free Edition 1.1 and other versions.
Vendor’s URL: http://www.gallarific.com/
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Critical

Solution:
Use another product, or disable it until the patch is released.

Joomla Restaurante Component “id” SQL Injection

Published by TL Guan March 21st, 2008 in Content Management and SQL Injection.

Application: Joomla Restaurante Component
Affected Version: 1.0 and other versions.
Vendor’s URL: Joomla Restaurante Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

PHPauction GPL File Inclusion

Published by TL Guan March 20th, 2008 in Applications and File Inclusion.

Application: PHPauction GPL
Affected Version: 2.51 and other versions.
Vendor’s URL: PHPauction GPL
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Joomla Acajoom PRO Component SQL Injection

Published by TL Guan March 20th, 2008 in Content Management and SQL Injection.

Application: Joomla Acajoom PRO Component
Affected Version: 1.2.5 and 1.1.5 and other versions.
Vendor’s URL: Joomla Acajoom PRO Component
Bug Type: SQL injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

phpBP “id” SQL Injection

Published by TL Guan March 20th, 2008 in Discussion Boards and SQL Injection.

Application: phpBP
Affected Version: 2 RC3 (2.204) FIX4 and other versions.
Vendor’s URL: phpBP
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Apply fix: phpBP 2 RC3 2.204 FIX5.

fuzzylime File Inclusion

Published by TL Guan March 20th, 2008 in Content Management and File Inclusion.

Application: fuzzylime
Affected Version: 3.01 and other versions.
Vendor’s URL: fuzzylime
Bug Type: File inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

XOOPS Tutorials Module “tid” SQL Injection

Published by TL Guan March 20th, 2008 in Content Management and SQL Injection.

Application: XOOPS Tutorials Module
Affected Version: 2.1b and other versions.
Vendor’s URL: XOOPS Tutorials Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Fully Modded phpBB “k” SQL Injection

Published by TL Guan March 20th, 2008 in Discussion Boards and SQL Injection.

Application: Fully Modded phpBB
Affected Version: 80220 and other versions.
Vendor’s URL: Fully Modded phpBB
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

EasyCalendar SQL Injection and XSS

Published by TL Guan March 20th, 2008 in Applications, Cross Site Scripting and SQL Injection.

Application: EasyCalendar
Affected Version: 4.0tr and other versions.
Vendor’s URL: EasyCalendar
Bug Type: SQL Injection and Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

PHP-Nuke Hadith Module “cat” SQL Injection

Published by TL Guan March 20th, 2008 in Content Management and SQL Injection.

Application: PHP-Nuke Hadith Module
Affected Version:
Vendor’s URL: PHP-Nuke Hadith Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Joomla! eWriting Component “cat” SQL Injection

Published by TL Guan March 20th, 2008 in Content Management and SQL Injection.

Application: Joomla! eWriting Component
Affected Version: 1.2.1 and other versions.
Vendor’s URL: Joomla! eWriting Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

PHP-Nuke Kütüb-i Sitte Module “kid” SQL Injection

Published by TL Guan March 20th, 2008 in Content Management and SQL Injection.

Application: PHP-Nuke Kütüb-i Sitte Module
Affected Version: 1.1 and other versions.
Vendor’s URL: PHP-Nuke Kütüb-i Sitte Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

XOOPS Prayer List Module “cid” SQL Injection

Published by TL Guan March 20th, 2008 in Content Management and SQL Injection.

Application: XOOPS Prayer List Module
Affected Version: 1.04 and other versions.
Vendor’s URL: XOOPS Prayer List Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

XOOPS Tiny Event Module “id” SQL Injection

Published by TL Guan March 20th, 2008 in Content Management and SQL Injection.

Application: XOOPS Tiny Event Module
Affected Version: 1.01.
Vendor’s URL: XOOPS Tiny Event Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

TikiWiki Script Insertion Vulnerability

Published by TL Guan March 20th, 2008 in Content Management and Cross Site Scripting.

Application: Tikiwiki
Affected Version: prior to 1.9.10.1.
Vendor’s URL: http://tikiwiki.org/
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.9.10.1.

Joomla! Gary’s Cookbook Component SQL Injection

Published by TL Guan March 20th, 2008 in Content Management and SQL Injection.

Application: Joomla! Gary’s Cookbook Component
Affected Version: 2.4.0 and other versions.
Vendor’s URL: Joomla! Gary’s Cookbook Component
Bug Type: SQL injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Joomla! File Inclusion

Published by TL Guan March 20th, 2008 in Content Management and File Inclusion.

Application: Joomla!
Affected Version: Joomla! 1.0.x in versions 1.0.14 and 1.0.13 and prior versions.
Vendor’s URL: http://www.joomla.org/
Bug Type: File inclusion
Risk Level: Critical

Solution:
Update to version 1.0.15.

Xoops XM-Memberstats Module SQL Injection

Published by TL Guan March 20th, 2008 in Content Management and SQL Injection.

Application: Xoops XM-Memberstats Module
Affected Version: 2.0e and other versions.
Vendor’s URL: http://www.xoopsmalaysia.org
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

About

You are currently browsing the Exabytes Security Portal weblog archives for the month March, 2008.

Longer entries are truncated. Click the headline of an entry to read it in its entirety.

Subscribe

Latest

Archives



Valid XHTML 1.0 Transitional