Application: vbDrupal
Affected Version: all 5.x versions prior to 5.10.0.
Vendor’s URL: vbDrupal
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 5.10.0 or later.
Application: Mambo
Affected Version: version 4.6.5 and reported in version 4.6.2 and other versions.
Vendor’s URL: Mambo
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: Vanilla
Affected Version: version 1.1.4 and other versions.
Vendor’s URL: Vanilla
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
All vulnerabilities except for the “Value” form field in #2 are fixed in version 1.1.5-rc1.
Edit the source code to ensure that input is properly sanitised. Do not browse untrusted web sites while logged on to the application.
Application: PHP Live Helper
Affected Version: version 2.0.1 and other versions.
Vendor’s URL: PHP Live Helper
Bug Type: SQL Injection
Risk Level: Critcal
Solution:
Update to version 2.1.0.
Application: vBulletin
Affected Version: 3.7.2 PL1 and 3.6.10 PL3 and prior versions.
Vendor’s URL: vBulletin
Bug Type: Script Insertion
Risk Level: Medium
Solution:
Update to version 3.7.2 PL2 or 3.6.10 PL4.
Application: TinyCMS
Affected Version: version 1.1.2 and other versions.
Vendor’s URL: TinyCMS
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Application: Kayako
Affected Version: version 3.20.02 and prior versions
Vendor’s URL: SupportSuite
Bug Type: SQL Injection and Cross Site Scripting
Risk Level: Critical
Solution:
Fixed in version 3.30.00 RC3.
Filter malicious characters and character sequences in a web proxy.
Application: Drupal
Affected Version: all 6.x versions prior to 6.4
Vendor’s URL: Drupal
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Medium
Solution:
Update to version 6.4.