Application: Joomla
Affected Version:
Vendor’s URL: Hotel Booking System Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: Drupal
Affected Version: versions prior to 2.2
Vendor’s URL: Views Module
Bug Type: SQL Injection
Risk Level: Medium
Solution:
Update to version 2.2
Application: Joomla
Affected Version: version 1.0 (Free Edition) and other versions.
Vendor’s URL: Live Chat Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: MediaWiki
Affected Version: versions 1.13.0 through 1.13.2 and versions since 1.3.0.
Vendor’s URL: MediaWiki
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to MediaWiki 1.13.3, 1.12.3 and 1.6.11 or apply patches.
Application: phpBB
Affected Version: versions prior to 3.0.4.
Vendor’s URL: phpBB
Bug Type: Security Bypass
Risk Level: Medium
Solution:
Update to version 3.0.4
Application: Moodle
Affected Version:
Vendor’s URL: Moodle
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 1.6.8, 1.7.6, 1.8.7, or 1.9.3.
Application: TWiki
Affected Version:
Vendor’s URL: TWiki
Bug Type: Cross Site Scripting and Command Injection
Risk Level: Critical
Solution:
Update to version 4.2.4.
Content Management, Cross Site Scripting, Remote Command Execution
Application: XOOPS
Affected Version: XOOPS 2.3.x prior to 2.3.2a and XOOPS 2.3.x prior to 2.3.2b
Vendor’s URL: XOOPS
Bug Type: Script Insertion and Local File Inclusion
Risk Level: Critical
Solution:
Update to version 2.3.2b.
Application: PunBB
Affected Version: version 1.3.x prior to 1.3.2.
Vendor’s URL: PunBB
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Low
Solution:
Update to version 1.3.2 or apply hotfixes.
http://punbb.informer.com/downloads.php#1.3.2
Application: phpBB
Affected Version: version 4.0. Other versions may also be affected.
Vendor’s URL: Tag Board Module
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: Drupal
Affected Version:
- Storm for Drupal 5 prior to 5.x-1.14
- Storm for Drupal 6 prior to 6.x-1.18
Vendor’s URL: Storm Module
Bug Type: SQL Injection
Risk Level:
Solution:
Update to version 5.x-1.14 or 6.x-1.18.
Application: Movable Type
Affected Version: – Movable Type 4
- Movable Type 4 Enterprise
- Movable Type 4 Community Edition
- Movable Type 4 (Open Source)
- Movable Type 3
- Movable Type Enterprise 1.5
Vendor’s URL: Movable Type
Bug Type: XSS
Risk Level: Medium
Solution:
Update to the latest version.
Movable Type 4.23 (Open Source)
Movable Type 4.23 (Professional Pack Community Pack included)
Movable Type Commercial 4.23 (Professional Pack included)
Movable Type Enterprise 4.23
Movable Type 3.38
Movable Type Enterprise 1.56
Application: Drupal
Affected Version: Drupal 5.x prior to 5.x-1.1.
Vendor’s URL: Comment Mail Module
Bug Type: XSRF
Risk Level: Critical
Solution:
Update to version 5.x-1.1.
Application: Drupal
Affected Version: Drupal 5.x prior to 5.x-1.13 and Drupal 6.x prior to 6.x-1.0-beta1.
Vendor’s URL: User Karma Module
Bug Type: XSS and SQLi
Risk Level: Critical
Solution:
Update to a fixed version.
Drupal 5.x:
Update to version 5.x-1.13.
Drupal 6.x:
Update to version 6.x-1.0-beta1.
Application: WordPress
Affected Version: only affects IP-based virtual servers running on Apache 2.x.
Vendor’s URL: WordPress
Bug Type: Script Insertion
Risk Level: Medium
Solution:
Update to version 2.6.5.
Application: Gallery
Affected Version: Gallery 1.x versions 1.5.8-svn-b34 and later
Vendor’s URL: Gallery
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 1.5.10.