Archive for April, 2008

eGroupWare File Upload

April 18th, 2008

Application: eGroupWare
Affected Version: prior to 1.4.004.
Vendor’s URL: eGroupWare
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.4.004.

File Inclusion

Joomla Jom Comment Component Unspecified SQL Injection

April 18th, 2008

Application: Joomla Jom Comment Component
Affected Version: version 2.0 and other versions.
Vendor’s URL: Joomla Jom Comment Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.2.

Content Management, SQL Injection

WordPress WP-Download Plugin SQL Injection

April 18th, 2008

Application: WordPress WP-Download Plugin
Affected Version: 1.2 and other versions.
Vendor’s URL: WordPress WP-Download Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.2.1.

Content Management, SQL Injection

AuraCMS SQL Injection

April 18th, 2008

Application: AuraCMS
Affected Version: 2.2.1 and other versions.
Vendor’s URL: AuraCMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Content Management, SQL Injection

Simple Gallery XSS

April 18th, 2008

Application: Simple Gallery
Affected Version: 2.2 and other versions.
Vendor’s URL: Simple Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Cross Site Scripting, Image Galleries

Drupal Webform Module Unspecified Script Insertion

April 18th, 2008

Application: Drupal Webform Module
Affected Version: prior to version 5.x-1.10.
Vendor’s URL: Drupal Webform Module
Bug Type: Script Insertion
Risk Level: Critical

Solution:
Update to version 5.x-1.10.

Content Management

PHP Photo Gallery SQL Injection

April 18th, 2008

Application: PHP Photo Gallery
Affected Version:
Vendor’s URL: PHP Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Image Galleries, SQL Injection

Wikepage Information Disclosure

April 18th, 2008

Application: Wikepage
Affected Version: version Opus 13 2007.2 and other versions.
Vendor’s URL: Wikepage
Bug Type: Information Disclosure
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Content Management, Information Disclosure

Drupal Menu System Security Bypass

April 18th, 2008

Application: Drupal Menu System
Affected Version: 6.2 and prior versions.
Vendor’s URL: Drupal Menu System
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to Drupal 6.2 or apply patch.

Access Bypass, Content Management

Gallery Script Lite Information Disclosure

April 18th, 2008

Application: Gallery Script Lite
Affected Version:
Vendor’s URL: Gallery Script Lite
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Image Galleries, Information Disclosure

KnowledgeQuest SQL Injection and Security Bypass

April 18th, 2008

Application: KnowledgeQuest
Affected Version: 2.6 and other versions.
Vendor’s URL: KnowledgeQuest
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized. Restrict access to admincheck.php.

Access Bypass, SQL Injection

Drupal Simple Access Module Security Bypass

April 18th, 2008

Application: Drupal Simple Access Module
Affected Version: 5.x-1.2-2 and prior versions.
Vendor’s URL: Drupal Simple Access Module
Bug Type: Access Bypass
Risk Level: Critical

Solution:
Update to version 5.x-1.3.

Access Bypass, Content Management

LiveCart SQL Injection Vulnerability

April 18th, 2008

Application: LiveCart
Affected Version: 1.1.1 trial version and other versions.
Vendor’s URL: LiveCart
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

SQL Injection

KwsPHP ConcoursPhoto Module SQL Injection

April 18th, 2008

Application: KwsPHP ConcoursPhoto Module
Affected Version: 2.0 and prior versions.
Vendor’s URL: KwsPHP ConcoursPhoto Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.1.

Image Galleries, SQL Injection

Coppermine Photo Gallery SQL Injection

April 18th, 2008

Application: Coppermine Photo Gallery
Affected Version: 1.4.16 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.4.17.

Image Galleries, SQL Injection

NewsOffice File Inclusion Vulnerability

April 18th, 2008

Application: NewsOffice
Affected Version: 1.1 and prior versions.
Vendor’s URL: NewsOffice
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.1.1.

File Inclusion

phpkb Knowledge Base SQL Injection

April 18th, 2008

Application: phpkb Knowledge Base
Affected Version: 1.5 and 2.0 and other versions.
Vendor’s URL: phpkb Knowledge Base
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

SQL Injection

1024 CMS SQL Injection and File Inclusion

April 18th, 2008

Application: 1024 CMS
Affected Version: 1.4.1 and other versions.
Vendor’s URL: 1024 CMS
Bug Type: SQL Injection, File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized and verified.

Content Management, File Inclusion, SQL Injection

cpCommerce Multiple Vulnerabilities

April 18th, 2008

Application: cpCommerce
Affected Version: 1.1.0 and other versions.
Vendor’s URL: cpCommerce
Bug Type: Cross Site Scripting, SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized and verified.

Cross Site Scripting, E-Commerce, SQL Injection

Coppermine Photo Gallery SQL Injection

April 18th, 2008

Application: Coppermine Photo Gallery
Affected Version: 1.4.17 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.4.18.

Image Galleries, SQL Injection