Application: Drupal
Affected Version: prior to version 5.15.
Vendor’s URL: Node Access API
Bug Type: SQL Injection
Risk Level: Medium
Solution:
Update to version 5.15.
http://ftp.drupal.org/files/projects/drupal-5.15.tar.gz
Content Management, SQL Injection

Application: Joomla
Affected Version: version 1.5.5 and other versions.
Vendor’s URL: RD-Autos Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection

Application: Joomla
Affected Version:
Vendor’s URL: Eventing Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection

Application: Joomla
Affected Version: version 2009.1.5 and other versions.
Vendor’s URL: Fantasy Tournament Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection

Application: Drupal
Affected Version: prior to 5.x-1.2
Vendor’s URL: Notify Module
Bug Type: Privilege Escalation
Risk Level: Medium
Solution:
Update to version 5.x-1.2.
Content Management, Privilege Escalation

Application: Drupal
Affected Version: versions prior to 5.x-2.5.
Vendor’s URL: Internationalization (i18n) Translation Module
Bug Type: Security Bypass
Risk Level: Medium
Solution:
Update to version 5.x-2.5.
Access Bypass, Content Management

Application: Drupal
Affected Version: Drupal 6.x
Vendor’s URL: Content Translation Module
Bug Type: Security Bypass
Risk Level: Medium
Solution:
Update to version 6.9.
Access Bypass, Content Management

Application: Joomla
Affected Version:
Vendor’s URL: JA Showcase Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection

Application: XOOPS
Affected Version: version 2.3.2b and other versions.
Vendor’s URL: XOOPS
Bug Type: Code Injection
Risk Level: Critical
Solution:
Restrict web access to the affected files (e.g. via “.htaccess”).
Access Bypass, Content Management

Application: Drupal
Affected Version:
Vendor’s URL: Project Issue Tracking Module
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 5.x-2.3.
Content Management, Cross Site Scripting

Application: Drupal
Affected Version: versions prior to 5.x-1.3
Vendor’s URL: Project Module
Bug Type: File Upload and Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 5.x-1.3.
Content Management, Cross Site Scripting, File Inclusion

Application: DotNetNuke
Affected Version: version 4.5.2 to 4.9
Vendor’s URL: Role Membership
Bug Type: Security Bypass
Risk Level: Medium
Solution:
Update to version 4.9.1.
Access Bypass, Content Management

Application: PostNuke
Affected Version: version 1.2i and other versions.
Vendor’s URL: PNphpBB2 Module
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Content Management, File Inclusion

Application: vBulletin
Affected Version: version 1.0.3c and other versions.
Vendor’s URL: Personal Sticky Threads Add-on
Bug Type: Security Bypass
Risk Level: Medium
Solution:
Edit the source code and ensure that proper access restrictions are implemented.
Access Bypass, Discussion Boards

Application: Joomla
Affected Version: version 1.5.8 and other versions.
Vendor’s URL: Joomla
Bug Type: Directory Traversal
Risk Level: Medium
Solution:
Update to version 1.5.9.
Content Management, Information Disclosure

Application: Joomla
Affected Version:
Vendor’s URL: mDigg Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection

Application: Joomla
Affected Version: version 1.0.0
Vendor’s URL: Live Ticker Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection

Application: Joomla
Affected Version: version 0.1 and other versions.
Vendor’s URL: PaxGallery Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection