Archive for April, 2009

Joomla RS-Monials Component “comments” Script Insertion

April 27th, 2009

Application: Joomla
Affected Version: version 1.5.1 and other versions.
Vendor’s URL: Joomla RS-Monials Component
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Filter malicious characters and character sequences in a web proxy.

Content Management, Cross Site Scripting

Drupal CCK Comment Reference Script Insertion

April 27th, 2009

Application: Drupal
Affected Version: versions prior to 6.x-1.2.
Vendor’s URL: Drupal CCK Comment Reference
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 6.x-1.2.
http://drupal.org/node/434842

Content Management, Cross Site Scripting

Drupal Print Module Content Title Script Insertion

April 27th, 2009

Application: Drupal
Affected Version: version 5.x prior to 5.x-4.5 and 6.x prior to 6.x-1.5.
Vendor’s URL: Drupal Print Module Content Title
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to a fixed version.

Print module 5.x-4.5:
http://drupal.org/node/434718

Print module 6.x-1.5:
http://drupal.org/node/434720

Content Management, Cross Site Scripting

Drupal Localization Client Module Script Insertion

April 27th, 2009

Application: Drupal
Affected Version: 5.x versions prior to 5.x-1.2 and 6.x versions prior to 6.x-1.7.
Vendor’s URL: Drupal Localization Client Module
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to a fixed version.

Localization Client 5.x-1.2:
http://drupal.org/node/434694

Localization Client 6.x-1.7:
http://drupal.org/node/434688

Content Management, Cross Site Scripting

Geeklog “SESS_updateSessionTime()” SQLi

April 27th, 2009

Application: Geeklog
Affected Version: versions prior to 1.5.2sr2.
Vendor’s URL: Geeklog
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.5.2sr2.

Content Management, SQL Injection

DotNetNuke PayPal IPN XSS

April 27th, 2009

Application: DotNetNuke
Affected Version: versions prior to 4.9.3.
Vendor’s URL: DotNetNuke PayPal IPN
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 4.9.3.

Content Management, Cross Site Scripting

Joomla RD-Autos Component “makeid” SQLi

April 27th, 2009

Application: Joomla
Affected Version: version 1.5.7 and other versions.
Vendor’s URL: Joomla RD-Autos Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla Messaging Component “controller” Local File Inclusion

April 27th, 2009

Application: Joomla
Affected Version: version 1.5.0 and other versions.
Vendor’s URL: Joomla Messaging Component
Bug Type: Local File Inclusion
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

Joomla! XSS and XSRF

April 27th, 2009

Application: Joomla
Affected Version: version 1.5.9 and prior versions.
Vendor’s URL: Joomla
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.5.10.

Content Management, Cross Site Scripting

My Simple Forum Multiple Vulnerabilities

April 27th, 2009

Application: My Simple Forum
Affected Version: version 7.1 and other versions.
Vendor’s URL: My Simple Forum
Bug Type: Cross Site Scripting, Exposure of system information
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised and verified.

Cross Site Scripting, Discussion Boards