Archive for February, 2009

Drupal Advertisement Module Script Insertion Vulnerability

February 20th, 2009

Application: Drupal
Affected Version: versions prior to 5.x-1.7 and 6.x-1.0-rc1.
Vendor’s URL: Advertisement Module
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 5.x-1.7 or 6.x-1.0-rc1.

Content Management, Cross Site Scripting

Drupal Link Module “description” Script Insertion Vulnerability

February 20th, 2009

Application: Drupal
Affected Version: version 5.x-2.5 and other versions.
Vendor’s URL: Link Module
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Grant the “administer content types” privilege to trusted users only.
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting

Drupal Views Bulk Operations Module Script Insertion

February 20th, 2009

Application: Drupal
Affected Version: versions prior to 5.x-1.3 and 6.x-1.4.
Vendor’s URL: Views Bulk Operations Module
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 5.x-1.3 or 6.x-1.4.

Content Management, Cross Site Scripting

Drupal ImageField Module File Upload and Script Insertion

February 20th, 2009

Application: Drupal
Affected Version: version 5.x-2.2 and other versions.
Vendor’s URL: ImageField Module
Bug Type: System access
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised and verified.

Content Management, File Inclusion

Joomla! WebAmoeba Ticket System Component “catid” SQLi

February 20th, 2009

Application: Joomla!
Affected Version:
Vendor’s URL: WebAmoeba Ticket System Component
Bug Type: SQL Injection
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla BazaarBuilder Shopping Cart Component SQLi

February 20th, 2009

Application: Joomla
Affected Version: version 5.0 and other versions.
Vendor’s URL: BazaarBuilder Shopping Cart
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, E-Commerce, SQL Injection

osCommerce Cross-Site Request Forgery Vulnerability

February 20th, 2009

Application: osCommerce
Affected Version: version 2.2 Release Candidate 2a
Vendor’s URL: osCommerce
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Do not visit untrusted sites while logged in to the application.

Cross Site Scripting, E-Commerce

Coppermine Photo Gallery Variable Overwrite Vulnerability

February 20th, 2009

Application: Coppermine
Affected Version: version 1.4.19 and other versions.
Vendor’s URL: Photo Gallery
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 1.4.20.

Access Bypass, Image Galleries