Application: miniBB
Affected Version: version 2.2a and other versions.
Vendor’s URL: miniBB
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitized.
Cross Site Scripting, Discussion Boards
Application: Drupal
Affected Version: versions for Drupal 5.x prior to 5.x-1.4
Vendor’s URL: TrailScout Module
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical
Solution:
Update to version 5.x-1.4.
Content Management, Cross Site Scripting, SQL Injection
Application: MyBizz-Classifieds
Affected Version:
Vendor’s URL: MyBizz-Classifieds
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Filter malicious characters and character sequences in a web proxy.
SQL Injection
Application: Easy Webstore
Affected Version: version 1.2 and other versions.
Vendor’s URL: http://www.webstorexpert.com/
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
E-Commerce, SQL Injection
Application: BASIC-CMS
Affected Version:
Vendor’s URL: BASIC-CMS
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection
Application: eroCMS
Affected Version: 1.4 and other versions.
Vendor’s URL: eroCMS
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection
Application: vBulletin
Affected Version: versions 3.7.1 and 3.6.10 and other versions.
Vendor’s URL: vBulletin
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 3.7.1 PL1 or 3.6.10 PL1.
Cross Site Scripting, Discussion Boards
Application: Mambo
Affected Version: version 4.6.4 and other versions.
Vendor’s URL: http://www.mambo-foundation.org/
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Content Management, File Inclusion
Application: PHPMyCart
Affected Version:
Vendor’s URL: PHPMyCart
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
E-Commerce, SQL Injection
Application: FOG Forum
Affected Version: version 0.8.1 and other versions.
Vendor’s URL: FOG Forum
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Discussion Boards, File Inclusion
Application: Drupal
Affected Version: prior to 5.x-4.4
Vendor’s URL: Aggregation Module
Bug Type: Security Bypass and Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 5.x-4.4.
Access Bypass, Content Management, Cross Site Scripting
Application: Drupal
Affected Version: prior to 5.x-1.3 and 6.x-1.3.
Vendor’s URL: Taxonomy Image Module
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 5.x-1.3 or 6.x-1.3.
http://drupal.org/project/taxonomy_image
Content Management, Cross Site Scripting
Application: Drupal
Affected Version: prior to 5.x-1.1
Vendor’s URL: Magic Tabs Module
Bug Type: Code Execution
Risk Level: Critical
Solution:
Update to 5.x-1.1.
http://drupal.org/project/magic_tabs
Content Management, Remote Command Execution
Application: DotNetNuke
Affected Version: prior to 4.8.4
Vendor’s URL: DotNetNuke
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 4.8.4.
Content Management, Cross Site Scripting
Application: Gallery
Affected Version: all 2.x versions before 2.2.5
Vendor’s URL: http://gallery.menalto.com/
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Medium
Solution:
Update to version 2.2.5. Remove password protection from any non-album items.
Access Bypass, Cross Site Scripting, Image Galleries
Application: Joomla
Affected Version: version 1.0.05 and other versions.
Vendor’s URL: JoomlaDate Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Contact the vendor for a patch.
Content Management, SQL Injection
Application: Joomla
Affected Version: version 4.0.0 and other versions.
Vendor’s URL: GameQ Component
Bug Type: SQL Injection
Risk Level:
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection
Application: PHP Image Gallery
Affected Version:
Vendor’s URL: PHP Image Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitized.
Cross Site Scripting, Image Galleries
Application: 1Book
Affected Version: version 1.0.1 and other versions.
Vendor’s URL: http://1scripts.net/php-scripts/index.php?p=16
Bug Type: Code Execution
Risk Level: Critical
Solution:
Update to version 1.0.2.
Remote Command Execution
Application: Joomla
Affected Version: version 1.1 and other versions.
Vendor’s URL: EasyBook Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection