Exabytes Security Portal
Application: miniBB
Affected Version: version 2.2a and other versions.
Vendor’s URL: miniBB
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitized.
Application: Drupal
Affected Version: versions for Drupal 5.x prior to 5.x-1.4
Vendor’s URL: TrailScout Module
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical
Solution:
Update to version 5.x-1.4.
Application: MyBizz-Classifieds
Affected Version:
Vendor’s URL: MyBizz-Classifieds
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Filter malicious characters and character sequences in a web proxy.
Application: Easy Webstore
Affected Version: version 1.2 and other versions.
Vendor’s URL: http://www.webstorexpert.com/
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Application: BASIC-CMS
Affected Version:
Vendor’s URL: BASIC-CMS
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Application: eroCMS
Affected Version: 1.4 and other versions.
Vendor’s URL: eroCMS
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Application: vBulletin
Affected Version: versions 3.7.1 and 3.6.10 and other versions.
Vendor’s URL: vBulletin
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 3.7.1 PL1 or 3.6.10 PL1.
Application: Mambo
Affected Version: version 4.6.4 and other versions.
Vendor’s URL: http://www.mambo-foundation.org/
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Application: PHPMyCart
Affected Version:
Vendor’s URL: PHPMyCart
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Application: FOG Forum
Affected Version: version 0.8.1 and other versions.
Vendor’s URL: FOG Forum
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Application: Drupal
Affected Version: prior to 5.x-4.4
Vendor’s URL: Aggregation Module
Bug Type: Security Bypass and Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 5.x-4.4.
Application: Drupal
Affected Version: prior to 5.x-1.3 and 6.x-1.3.
Vendor’s URL: Taxonomy Image Module
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 5.x-1.3 or 6.x-1.3.
http://drupal.org/project/taxonomy_image
Application: Drupal
Affected Version: prior to 5.x-1.1
Vendor’s URL: Magic Tabs Module
Bug Type: Code Execution
Risk Level: Critical
Solution:
Update to 5.x-1.1.
http://drupal.org/project/magic_tabs
Application: DotNetNuke
Affected Version: prior to 4.8.4
Vendor’s URL: DotNetNuke
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 4.8.4.
Application: Gallery
Affected Version: all 2.x versions before 2.2.5
Vendor’s URL: http://gallery.menalto.com/
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Medium
Solution:
Update to version 2.2.5. Remove password protection from any non-album items.
Application: Joomla
Affected Version: version 1.0.05 and other versions.
Vendor’s URL: JoomlaDate Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Contact the vendor for a patch.
Application: Joomla
Affected Version: version 4.0.0 and other versions.
Vendor’s URL: GameQ Component
Bug Type: SQL Injection
Risk Level:
Solution:
Edit the source code to ensure that input is properly sanitized.
Application: PHP Image Gallery
Affected Version:
Vendor’s URL: PHP Image Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitized.
Application: 1Book
Affected Version: version 1.0.1 and other versions.
Vendor’s URL: http://1scripts.net/php-scripts/index.php?p=16
Bug Type: Code Execution
Risk Level: Critical
Solution:
Update to version 1.0.2.
Application: Joomla
Affected Version: version 1.1 and other versions.
Vendor’s URL: EasyBook Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
You are currently browsing the Exabytes Security Portal weblog archives for the month June, 2008.
