Application: Joomla
Affected Version:
Vendor’s URL: Hotel Booking System Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Drupal
Affected Version: versions prior to 2.2
Vendor’s URL: Views Module
Bug Type: SQL Injection
Risk Level: Medium
Solution:
Update to version 2.2
Content Management, SQL Injection
Application: Joomla
Affected Version: version 1.0 (Free Edition); other versions may also be affected.
Vendor’s URL: Live Chat Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: MediaWiki
Affected Version: versions 1.13.0 through 1.13.2, and all versions since 1.3.0.
Vendor’s URL: MediaWiki
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to MediaWiki 1.13.3, 1.12.3 or 1.6.11 (whichever matches your branch), or apply the patches.
Content Management, Cross Site Scripting
Application: phpBB
Affected Version: versions prior to 3.0.4.
Vendor’s URL: phpBB
Bug Type: Security Bypass
Risk Level: Medium
Solution:
Update to version 3.0.4
Access Bypass, Discussion Boards
Application: Moodle
Affected Version:
Vendor’s URL: Moodle
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 1.6.8, 1.7.6, 1.8.7, or 1.9.3.
Content Management, Cross Site Scripting
Application: TWiki
Affected Version:
Vendor’s URL: TWiki
Bug Type: Cross Site Scripting and Command Injection
Risk Level: Critical
Solution:
Update to version 4.2.4.
Content Management, Cross Site Scripting, Remote Command Execution
Application: XOOPS
Affected Version: XOOPS 2.3.x prior to 2.3.2b (one of the two issues was already fixed in 2.3.2a)
Vendor’s URL: XOOPS
Bug Type: Script Insertion and Local File Inclusion
Risk Level: Critical
Solution:
Update to version 2.3.2b.
Content Management, File Inclusion
Application: PunBB
Affected Version: version 1.3.x prior to 1.3.2.
Vendor’s URL: PunBB
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Low
Solution:
Update to version 1.3.2 or apply hotfixes.
http://punbb.informer.com/downloads.php#1.3.2
Cross Site Scripting, Discussion Boards, SQL Injection
Application: phpBB
Affected Version: version 4.0. Other versions may also be affected.
Vendor’s URL: Tag Board Module
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Discussion Boards, SQL Injection
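The three entries above whose only remedy is "edit the source code to ensure that input is properly sanitised" (the Joomla Hotel Booking and Live Chat components and the phpBB Tag Board module) ship no fixed release, so the fix falls to whoever runs the site. The PHP below is an added example, not code from any of those components or from this page: it shows the concatenation pattern that produces this class of SQL injection next to a parameterised replacement, using plain PDO rather than either project's own database layer. The table and column names (bookings, id, guest) and the in-memory SQLite data are hypothetical.

```php
<?php
// Added example: vulnerable string-built query beside a parameterised one.
// Not taken from any Joomla or phpBB component; table/column names are made up.
declare(strict_types=1);

/**
 * Vulnerable pattern: the request parameter is glued straight into the SQL.
 * A value such as "1 OR 1=1" turns a single-row lookup into "return every row";
 * a UNION SELECT in the same spot can read other tables.
 */
function findBookingVulnerable(PDO $db, string $id): array
{
    $sql = "SELECT id, guest FROM bookings WHERE id = " . $id; // no quoting, no escaping
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/**
 * Hardened pattern: the value is sent as a bound parameter, so the database
 * only ever compares it with the column and never parses it as SQL.
 * The ctype_digit check is an independent second control for an id that
 * is only ever meant to be an unsigned integer.
 */
function findBookingSafe(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        return []; // reject anything that is not a plain unsigned integer before it reaches SQL
    }
    $stmt = $db->prepare('SELECT id, guest FROM bookings WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Self-contained demonstration against an in-memory SQLite database
// (constructed sample rows; needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bookings (id INTEGER PRIMARY KEY, guest TEXT)');
$db->exec("INSERT INTO bookings VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

$payload = '1 OR 1=1'; // what an attacker would put in the id parameter

// The injected condition is honoured: every booking comes back.
echo count(findBookingVulnerable($db, $payload)), " rows from the vulnerable query\n";

// The same payload is rejected before it reaches the database.
echo count(findBookingSafe($db, $payload)), " rows from the hardened query\n";

// A legitimate id still resolves normally.
echo findBookingSafe($db, '2')[0]['guest'], " found by the hardened query\n";
```

Run it with `php example.php`. The vulnerable call returns all three constructed rows for the `1 OR 1=1` payload, the hardened call returns none, and the lookup for id 2 returns the guest for that row. When auditing a third-party component, grep for `setQuery(`, `sql_query(` or `mysql_query(` calls whose string argument contains a `$` variable and treat each one as a candidate for this rewrite.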
Application: Drupal
Affected Version:
- Storm for Drupal 5 prior to 5.x-1.14
- Storm for Drupal 6 prior to 6.x-1.18
Vendor’s URL: Storm Module
Bug Type: SQL Injection
Risk Level:
Solution:
Update to version 5.x-1.14 or 6.x-1.18.
Content Management, SQL Injection
Application: Movable Type
Affected Version:
- Movable Type 4
- Movable Type 4 Enterprise
- Movable Type 4 Community Edition
- Movable Type 4 (Open Source)
- Movable Type 3
- Movable Type Enterprise 1.5
Vendor’s URL: Movable Type
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to the latest version for your edition:
- Movable Type 4.23 (Open Source)
- Movable Type 4.23 (Professional Pack and Community Pack included)
- Movable Type Commercial 4.23 (Professional Pack included)
- Movable Type Enterprise 4.23
- Movable Type 3.38
- Movable Type Enterprise 1.56
Content Management, Cross Site Scripting
Application: Drupal
Affected Version: Drupal 5.x prior to 5.x-1.1.
Vendor’s URL: Comment Mail Module
Bug Type: Cross Site Request Forgery (XSRF)
Risk Level: Critical
Solution:
Update to version 5.x-1.1.
Content Management, Cross Site Request Forgery
Application: Drupal
Affected Version: Drupal 5.x prior to 5.x-1.13 and Drupal 6.x prior to 6.x-1.0-beta1.
Vendor’s URL: User Karma Module
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical
Solution:
Update to version 5.x-1.13 (Drupal 5.x) or 6.x-1.0-beta1 (Drupal 6.x).
Content Management, Cross Site Scripting, SQL Injection
Application: WordPress
Affected Version: versions prior to 2.6.5; only affects IP-based virtual servers running on Apache 2.x.
Vendor’s URL: WordPress
Bug Type: Script Insertion
Risk Level: Medium
Solution:
Update to version 2.6.5.
Content Management, Cross Site Scripting
Application: Gallery
Affected Version: Gallery 1.x versions 1.5.8-svn-b34 and later, prior to 1.5.10
Vendor’s URL: Gallery
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 1.5.10.
Access Bypass, Image Galleries