Archive

Archive for May, 2008

CMS Made Simple Multiple File Extensions

May 21st, 2008
Comments Off

Application: CMS Made Simple
Affected Version: version 1.2.4 and prior versions.
Vendor’s URL: CMS Made Simple
Bug Type: System access
Risk Level: Critical

Solution:
Update to version 1.2.5.

Access Bypass, Content Management

AJ E-Commerce “cid” SQL Injection

May 21st, 2008
Comments Off

Application: AJ E-Commerce
Affected Version: version 2.0 and other versions.
Vendor’s URL: AJ E-Commerce
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

E-Commerce, SQL Injection

CMS Faethon “what” Cross-Site Scripting

May 21st, 2008
Comments Off

Application: CMS Faethon
Affected Version: version 2.2 and other versions.
Vendor’s URL: CMS Faethon
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Content Management, Cross Site Scripting

fipsCMS “lg” SQL Injection

May 21st, 2008
Comments Off

Application: fipsCMS
Affected Version:
Vendor’s URL: fipsCMS
Bug Type: SQL Injecton
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Content Management, SQL Injection

Galleristic “cat” SQL Injection

May 21st, 2008
Comments Off

Application: Galleristic
Affected Version: version 1.0 and other versions.
Vendor’s URL: Galleristic
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Image Galleries, SQL Injection

Maian Guestbook footer.php XSS

May 21st, 2008
Comments Off

Application: Maian Guestbook
Affected Version: version 3.2 and other versions.
Vendor’s URL: Maian Guestbook
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Cross Site Scripting

SazCart Multiple Vulnerabilities

May 21st, 2008
Comments Off

Application: SazCart
Affected Version: version 1.5.1 and other versions.
Vendor’s URL: SazCart
Bug Type: SQL injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified and sanitized.
Set “register_globals” to “Off” and “magic_quotes_gpc” to “On”.

E-Commerce, SQL Injection

Joomla DatsoGallery Component SQLi

May 21st, 2008
Comments Off

Application: Joomla
Affected Version: version 1.6 and other versions.
Vendor’s URL: Joomla DatsoGallery Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized

Content Management, SQL Injection

phpDirectorySource SQL Injection

May 21st, 2008
Comments Off

Application: phpDirectorySource
Affected Version: version 1.1.06 and other versions.
Vendor’s URL: phpDirectorySource
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

General Purpose Directories, SQL Injection

Auction XL “viewfaqs.php” SQL Injection

May 21st, 2008
Comments Off

Application: Auction XL
Affected Version:
Vendor’s URL: Auction XL
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

SQL Injection

Miniweb “historymonth” SQL Injection

May 21st, 2008
Comments Off

Application: Miniweb
Affected Version: version 2.0 and other versions.
Vendor’s URL: Miniweb
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters and character sequences using a proxy.

SQL Injection

Online Rental Property Script “pid” SQL Injection

May 21st, 2008
Comments Off

Application: Online Rental Property Script
Affected Version: version 4.5 and other versions.
Vendor’s URL: Online Rental Property Script
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters and character sequences using a proxy.

SQL Injection

ITCms Arbitrary PHP Code Execution

May 21st, 2008
Comments Off

Application: ITCms
Affected Version: version 1.9 and other versions.
Vendor’s URL: ITCms
Bug Type: Code execution
Risk Level: Critical

Solution:
Restrict access to trusted users only.

Content Management, Remote Command Execution

DeluxeBB SQL Injection and PHP Code Execution

May 21st, 2008
Comments Off

Application: DeluxeBB
Affected Version: version 1.2 and other versions.
Vendor’s URL: DeluxeBB
Bug Type: SQL Injection and code execution
Risk Level: Critical

Solution:
Apply the Patch.

Discussion Boards, File Inclusion, SQL Injection

Maian Weblog Multiple Cross-Site Scripting

May 21st, 2008
Comments Off

Application: Maian Weblog
Affected Version: version 4.0 and other versions.
Vendor’s URL: Maian Weblog
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Blogs, Cross Site Scripting

Harris WapChat Multiple File Inclusion

May 21st, 2008
Comments Off

Application: Harris WapChat
Affected Version: version 1.0 and other versions.
Vendor’s URL: Harris WapChat
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.
Use another product.

File Inclusion

BlogMe PHP “id” SQL Injection

May 21st, 2008
Comments Off

Application: BlogMe
Affected Version: version 1.1 and other versions.
Vendor’s URL: BlogMe
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Blogs, SQL Injection

Jokes Site Script “catagorie” SQL Injection

May 21st, 2008
Comments Off

Application: Jokes Site Script
Affected Version:
Vendor’s URL: Jokes Site Script
Bug Type: SQL Injection
Risk Level: Critical

Solution:
dit the source code to ensure that input is properly sanitized.

SQL Injection

FluentCMS “sid” SQL Injection

May 21st, 2008
Comments Off

Application: FluentCMS
Affected Version: version 4.x
Vendor’s URL: FluentCMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Content Management, SQL Injection

XOOPS Various Bluemoon inc. Modules XSS

May 21st, 2008
Comments Off

Application: XOOPS
Affected Version: BackPack version 0.91 and earlier
BmSurvey version 0.84 and earlier
bb_fileup version 1.83 and earlier
News_embed (news_fileup) version 1.44 and earlier
PopnupBlog version 3.19 and earlier
Vendor’s URL: XOOPS Various Bluemoon inc. Modules
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to BackPack version 0.93, BmSurvey version 0.85, newbb_fileup version 1.84, News_embed version 1.45, and PopnupBlog version 3.20.

Content Management, Cross Site Scripting