Application: eGroupWare
Affected Version: prior to 1.4.004.
Vendor’s URL: eGroupWare
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 1.4.004.
Archive for April, 2008
Joomla Jom Comment Component Unspecified SQL Injection
Published by April 18th, 2008 in Content Management and SQL Injection.Application: Joomla Jom Comment Component
Affected Version: version 2.0 and other versions.
Vendor’s URL: Joomla Jom Comment Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 2.2.
WordPress WP-Download Plugin SQL Injection
Published by April 18th, 2008 in Content Management and SQL Injection.Application: WordPress WP-Download Plugin
Affected Version: 1.2 and other versions.
Vendor’s URL: WordPress WP-Download Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.2.1.
Application: AuraCMS
Affected Version: 2.2.1 and other versions.
Vendor’s URL: AuraCMS
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Application: Simple Gallery
Affected Version: 2.2 and other versions.
Vendor’s URL: Simple Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitized.
Drupal Webform Module Unspecified Script Insertion
Published by April 18th, 2008 in Content Management.Application: Drupal Webform Module
Affected Version: prior to version 5.x-1.10.
Vendor’s URL: Drupal Webform Module
Bug Type: Script Insertion
Risk Level: Critical
Solution:
Update to version 5.x-1.10.
Application: PHP Photo Gallery
Affected Version:
Vendor’s URL: PHP Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Wikepage Information Disclosure
Published by April 18th, 2008 in Content Management and Information Disclosure.Application: Wikepage
Affected Version: version Opus 13 2007.2 and other versions.
Vendor’s URL: Wikepage
Bug Type: Information Disclosure
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitized.
Drupal Menu System Security Bypass
Published by April 18th, 2008 in Access Bypass and Content Management.Application: Drupal Menu System
Affected Version: 6.2 and prior versions.
Vendor’s URL: Drupal Menu System
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to Drupal 6.2 or apply patch.
Gallery Script Lite Information Disclosure
Published by April 18th, 2008 in Image Galleries and Information Disclosure.Application: Gallery Script Lite
Affected Version:
Vendor’s URL: Gallery Script Lite
Bug Type: Information Disclosure
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
KnowledgeQuest SQL Injection and Security Bypass
Published by April 18th, 2008 in Access Bypass and SQL Injection.Application: KnowledgeQuest
Affected Version: 2.6 and other versions.
Vendor’s URL: KnowledgeQuest
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized. Restrict access to the admincheck.php
Drupal Simple Access Module Security Bypass
Published by April 18th, 2008 in Access Bypass and Content Management.Application: Drupal Simple Access Module
Affected Version: 5.x-1.2-2 and prior versions.
Vendor’s URL: Drupal Simple Access Module
Bug Type: Access bypass
Risk Level: Critical
Solution:
Update to version 5.x-1.3.
Application: LiveCart
Affected Version: 1.1.1 trial version and other versions.
Vendor’s URL: LiveCart
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
KwsPHP ConcoursPhoto Module SQL Injection
Published by April 18th, 2008 in Image Galleries and SQL Injection.Application: KwsPHP ConcoursPhoto Module
Affected Version: 2.0 and prior version.
Vendor’s URL: KwsPHP ConcoursPhoto Module
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 2.1.
Coppermine Photo Gallery SQL Injection
Published by April 18th, 2008 in Image Galleries and SQL Injection.Application: Coppermine Photo Gallery
Affected Version: 1.4.16 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.4.17.
Application: NewsOffice
Affected Version: 1.1 and prior versions.
Vendor’s URL: NewsOffice
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 1.1.1.
Application: phpkb Knowledge Base
Affected Version: 1.5 and 2.0 and other versions.
Vendor’s URL: phpkb Knowledge Base
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
1024 CMS SQL Injection and File Inclusion
Published by April 18th, 2008 in Content Management, File Inclusion and SQL Injection.Application: 1024 CMS
Affected Version: 1.4.1 and other versions.
Vendor’s URL: 1024 CMS
Bug Type: SQL Injection, File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized and verified.
cpCommerce Multiple Vulnerabilities
Published by April 18th, 2008 in Cross Site Scripting, E-Commerce and SQL Injection.Application: cpCommerce
Affected Version: 1.1.0 and other versions.
Vendor’s URL: cpCommerce
Bug Type: Cross Site Scripting and SQL injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized and verified.
Coppermine Photo Gallery SQL Injection
Published by April 18th, 2008 in Image Galleries and SQL Injection.Application: Coppermine Photo Gallery
Affected Version: 1.4.17 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.4.18.
