Archive

Archive for October, 2008

Drupal Localization client Module XSRF

October 24th, 2008

Application: Drupal
Affected Version: all 5.x versions prior to 5.x-1.1 and all 6.x versions prior to 6.x-1.6.
Vendor’s URL: Localization client Module
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 5.x-1.1 or 6.x-1.6.

Content Management, Cross Site Scripting

Drupal Virtual Hosts Local File Inclusion

October 24th, 2008

Application: Drupal
Affected Version: all 5.x versions prior to 5.12 and all 6.x versions prior to 6.6.
Vendor’s URL: Virtual Hosts
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 5.12 or 6.6. Alternatively, apply the vendor’s official patches to versions 5.11 or 6.5.

Content Management, File Inclusion

WordPress Newsletter Plugin “newsletter” SQLi

October 24th, 2008

Application: WordPress
Affected Version: version 2.x
Vendor’s URL: Newsletter Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

XOOPS Makale Module “id” SQLi

October 24th, 2008

Application: XOOPS
Affected Version: version 0.26; other versions may also be affected.
Vendor’s URL: Makale Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Movable Type Unspecified XSS

October 24th, 2008

Application: Movable Type
Affected Version: version 4.21 and prior.
Vendor’s URL: Movable Type
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:

Content Management, Cross Site Scripting

Joomla DS-Syndicate Component “feed_id” SQLi

October 24th, 2008

Application: Joomla
Affected Version: version 1.1.1; other versions may also be affected.
Vendor’s URL: DS-Syndicate Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Drupal Node Vote Module Vote Again SQLi

October 24th, 2008

Application: Drupal
Affected Version: version 5.x-1.0.
Vendor’s URL: Node Vote Module Vote Again
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 5.x-1.1.

Content Management, SQL Injection

Drupal Node clone Module Security Bypass

October 24th, 2008

Application: Drupal
Affected Version: all 5.x-1.x versions prior to 5.x-1.6 and all 5.x-2.x versions prior to 5.x-2.6.
Vendor’s URL: Node clone Module
Bug Type: Security Bypass
Risk Level: Medium

Solution:
Update to version 5.x-1.6 or 5.x-2.6.

Access Bypass, Content Management

Drupal Shindig-Integrator Module Multiple Vulnerabilities

October 24th, 2008

Application: Drupal
Affected Version: all versions of Shindig-Integrator.
Vendor’s URL: Shindig-Integrator Module
Bug Type: Security Bypass, Cross Site Scripting
Risk Level: Critical

Solution:
Use another product.

Access Bypass, Content Management, Cross Site Scripting

Joomla OwnBiblio Component “catid” SQLi

October 24th, 2008

Application: Joomla
Affected Version: version 1.5.3 (1.5_fixed). Other versions may also be affected.
Vendor’s URL: OwnBiblio Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection
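The four entries above whose only remedy is “edit the source code” (the WordPress Newsletter plugin, the XOOPS Makale module, the Joomla DS-Syndicate and OwnBiblio components) do not say what that edit looks like. The following is an added example, not code from any of those plugins: a hypothetical lookup by an integer `id` request parameter, first written the way this class of bug is introduced (the parameter concatenated into the SQL text), then rewritten with a type check and a bound parameter. The table, column names and the two rows are constructed inline in an in-memory SQLite database so the script runs offline.

```php
<?php
// Added example, not code from any of the affected plugins.
// Shows the "edit the source" fix for an integer id parameter against a
// constructed in-memory SQLite database (hypothetical schema and rows).

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)');
$pdo->exec("INSERT INTO articles VALUES (1, 'Public post', 1), (2, 'Draft, not public', 0)");

// Vulnerable pattern: the request parameter is interpolated into the SQL text,
// so a value such as "1 OR 1=1" rewrites the WHERE clause.
function vulnerableLookup(PDO $pdo, string $id): array
{
    $sql = "SELECT id, title FROM articles WHERE published = 1 AND id = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: validate the type first, then pass the value as a bound
// parameter so the database never parses it as SQL.
function safeLookup(PDO $pdo, string $id): array
{
    $validated = filter_var($id, FILTER_VALIDATE_INT);
    if ($validated === false || $validated < 1) {
        return []; // reject anything that is not a positive integer
    }
    $stmt = $pdo->prepare('SELECT id, title FROM articles WHERE published = 1 AND id = :id');
    $stmt->bindValue(':id', $validated, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal request (?id=1) and an injection payload
// (?id=1 OR 1=1) that turns the WHERE clause into an always-true condition.
$normal  = '1';
$payload = '1 OR 1=1';

// The vulnerable lookup returns the unpublished draft for the payload;
// the hardened lookup rejects the payload and returns nothing.
echo "vulnerable, normal : ", count(vulnerableLookup($pdo, $normal)), " row(s)\n";
echo "vulnerable, payload: ", count(vulnerableLookup($pdo, $payload)), " row(s)\n";
echo "safe, normal       : ", count(safeLookup($pdo, $normal)), " row(s)\n";
echo "safe, payload      : ", count(safeLookup($pdo, $payload)), " row(s)\n";
```

In the frameworks listed on this page the bound parameter has a native equivalent: `$wpdb->prepare()` in WordPress, `db_query()` with `%d` and `'%s'` placeholders in Drupal 5 and 6, and `JRequest::getInt()` together with `$db->Quote()` in Joomla 1.5. Casting with `(int)` is enough for an id; string parameters need the placeholder or quoting call, not just a cast.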

Joomla Mad4Joomla Mailforms Component “jid” SQLi

October 24th, 2008

Application: Joomla
Affected Version: all versions prior to 1.1.8.2.
Vendor’s URL: Mad4Joomla Mailforms Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.1.8.2.

Content Management, SQL Injection

Joomla Ignite Gallery Component “gallery” SQLi

October 24th, 2008

Application: Joomla
Affected Version: versions from 0.8.0 up to and including 0.8.3.
Vendor’s URL: Ignite Gallery Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 0.8.3.1.

Content Management, SQL Injection

Drupal EveryBlog Module Multiple Vulnerabilities

October 24th, 2008

Application: Drupal
Affected Version: all 5.x and 6.x versions.
Vendor’s URL: EveryBlog Module
Bug Type: Security Bypass, Cross Site Scripting, Privilege Escalation
Risk Level: Critical

Solution:
Use another product as all releases of the module have been removed from Drupal.org.

Access Bypass, Content Management, Cross Site Scripting, Privilege Escalation

Drupal SIOC Module Security Bypass

October 24th, 2008

Application: Drupal
Affected Version: all 5.x versions prior to 5.x-1.2 and all 6.x versions prior to 6.x-1.1.
Vendor’s URL: SIOC Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 5.x-1.2 or 6.x-1.1.

Access Bypass, Content Management

Drupal Multiple Modules Security Bypass

October 24th, 2008

Application: Drupal
Affected Version:
- Live prior to version 6.x-1.0
- AJAX Picture Preview prior to version 6.x-1.2
- Banner Rotor prior to version 6.x-1.3
- Creative Commons Lite prior to version 6.x-1.1
- Keyboard shortcut utility prior to version 6.x-1.1
- LiveJournal CrossPoster prior to version 6.x-1.4
- Taxonomy import/export via XML prior to version 6.x-1.2

Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to:
- Live version 6.x-1.0
- AJAX Picture Preview version 6.x-1.2
- Banner Rotor version 6.x-1.3
- Creative Commons Lite version 6.x-1.1
- Keyboard shortcut utility version 6.x-1.1
- LiveJournal CrossPoster version 6.x-1.4
- Taxonomy import/export via XML version 6.x-1.2

Access Bypass, Content Management

Drupal Upload and Node Module API Security Bypass

October 24th, 2008

Application: Drupal
Affected Version: versions prior to 5.11.
Vendor’s URL: Upload and Node Module
Bug Type: Security Bypass
Risk Level: Medium

Solution:
Update to version 5.11.

Access Bypass, Content Management

Drupal Attach File Security Bypass

October 23rd, 2008

Application: Drupal
Affected Version: all 6.x versions prior to 6.5.
Vendor’s URL: Drupal
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 6.5.

Access Bypass, Content Management

Drupal User and BlogAPI Security Bypass

October 23rd, 2008

Application: Drupal
Affected Version: all 5.x versions prior to 5.11 and all 6.x versions prior to 6.5.
Vendor’s URL: Drupal
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 5.11 or 6.5. Grant the “Administer content with BlogAPI” permission to trusted users only.

Access Bypass, Discussion Boards

vbDrupal Multiple Security Bypass Vulnerabilities

October 23rd, 2008

Application: vbDrupal
Affected Version: all 5.x versions prior to 5.11.0.
Vendor’s URL: vbDrupal
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 5.11.0. Grant the “Administer content with BlogAPI” permission to trusted users only.

Access Bypass, Discussion Boards

TWiki “image” Directory Traversal and Command Execution

October 23rd, 2008

Application: TWiki
Affected Version: versions prior to 4.2.3.
Vendor’s URL: TWiki
Bug Type: Command Execution
Risk Level: Critical

Solution:
Update to version 4.2.3.

Content Management, Remote Command Execution