Application: miniBB
Affected Version: version 2.2a and other versions.
Vendor’s URL: miniBB
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Cross Site Scripting, Discussion Boards

Application: Drupal
Affected Version: versions for Drupal 5.x prior to 5.x-1.4
Vendor’s URL: TrailScout Module
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 5.x-1.4.

Content Management, Cross Site Scripting, SQL Injection

Application: MyBizz-Classifieds
Affected Version:
Vendor’s URL: MyBizz-Classifieds
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters and character sequences in a web proxy.

SQL Injection

Application: Easy Webstore
Affected Version: version 1.2 and other versions.
Vendor’s URL: http://www.webstorexpert.com/
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

E-Commerce, SQL Injection

Application: BASIC-CMS
Affected Version:
Vendor’s URL: BASIC-CMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Content Management, SQL Injection

Application: eroCMS
Affected Version: 1.4 and other versions.
Vendor’s URL: eroCMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Content Management, SQL Injection

Application: vBulletin
Affected Version: version 3.7.1 and 3.6.10 and other version.
Vendor’s URL: vBulletin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 3.7.1 PL1 or 3.6.10 PL1.

Cross Site Scripting, Discussion Boards

Application: Mambo
Affected Version: version 4.6.4 and other versions.
Vendor’s URL: http://www.mambo-foundation.org/
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

Application: PHPMyCart
Affected Version:
Vendor’s URL: PHPMyCart
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

E-Commerce, SQL Injection

Application: FOG Forum
Affected Version: version 0.8.1 and other versions.
Vendor’s URL: FOG Forum
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Discussion Boards, File Inclusion

Application: Drupal
Affected Version: prior to 5.x-4.4
Vendor’s URL: Aggregation Module
Bug Type: Security Bypass and Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 5.x-4.4.

Access Bypass, Content Management, Cross Site Scripting

Application: Drupal
Affected Version: prior to 5.x-1.3 and 6.x-1.3.
Vendor’s URL: Taxonomy Image Module
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 5.x-1.3 or 6.x-1.3.
http://drupal.org/project/taxonomy_image

Content Management, Cross Site Scripting

Application: Drupal
Affected Version: prior to 5.x-1.1
Vendor’s URL: Magic Tabs Module
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to 5.x-1.1.
http://drupal.org/project/magic_tabs

Content Management, Remote Command Execution

Application: DotNetNuke
Affected Version: prior to 4.8.4
Vendor’s URL: DotNetNuke
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 4.8.4.

Content Management, Cross Site Scripting

Application: Gallery
Affected Version: all 2.x versions before 2.2.5
Vendor’s URL: http://gallery.menalto.com/
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Medium

Solution:
Update to version 2.2.5. Remove password protection from any non-album items.

Access Bypass, Cross Site Scripting, Image Galleries

Application: Joomla
Affected Version: version 1.0.05 and other versions.
Vendor’s URL: JoomlaDate Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Contact the vendor for patch.

Content Management, SQL Injection

Application: Joomla
Affected Version: version 4.0.0 and other versions.
Vendor’s URL: GameQ Component
Bug Type: SQL Injection
Risk Level:

Solution:
Edit the source code to ensure that input is properly sanitized.

Content Management, SQL Injection

Application: PHP Image Gallery
Affected Version:
Vendor’s URL: PHP Image Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Cross Site Scripting, Image Galleries

Application: 1Book
Affected Version: version 1.0.1 and other versions.
Vendor’s URL: http://1scripts.net/php-scripts/index.php?p=16
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to version 1.0.2.

Remote Command Execution

Application: Joomla
Affected Version: version 1.1 and other versions.
Vendor’s URL: EasyBook Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Content Management, SQL Injection