Archive for July, 2009

PunBB Automatic Image Upload with Thumbnails SQLi

July 29th, 2009

Application: PunBB
Affected Version: version 1.3.6 and other versions.
Vendor’s URL: PunBB Automatic Image Upload
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Discussion Boards, SQL Injection

XOOPS Celepar Multiple Vulnerabilities

July 29th, 2009

Application: XOOPS
Affected Version: -
Vendor’s URL: XOOPS Celepar
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting, SQL Injection

Joomla Almond Classifieds Component SQLi and XSS

July 29th, 2009

Application: Joomla
Affected Version: version 7.5 and other versions.
Vendor’s URL: Almond Classifieds Component
Bug Type: SQL Injection and Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting, SQL Injection

Joomla! Information Disclosure and File Upload

July 29th, 2009

Application: Joomla!
Affected Version: version 1.5.1 and other versions.
Vendor’s URL: Joomla!
Bug Type: Information Disclosure and File Upload
Risk Level: Critical

Solution:
Update to version 1.5.13.

Content Management, File Inclusion, Information Disclosure

WordPress Comment Author Script Insertion

July 29th, 2009

Application: WordPress
Affected Version: versions prior to 2.8.2.
Vendor’s URL: WordPress Comment Author
Bug Type: Script Insertion
Risk Level: Critical

Solution:
Update to version 2.8.2.

Content Management, Cross Site Scripting

PHP Scripts Now Multiple Products “rank” SQLi

July 29th, 2009

Application: PHP Scripts Now
Affected Version: -
Vendor’s URL: PHP Scripts Now
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

SQL Injection

Joomla Jobline Component “search” SQLi

July 29th, 2009

Application: Joomla
Affected Version: version 1.1.2.2 and other versions.
Vendor’s URL: Jobline Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla Acajoom GPL Component Backdoor Security

July 29th, 2009

Application: Joomla
Affected Version: versions downloaded between 2009-06-25 and 2009-06-28.
Vendor’s URL: Acajoom GPL Component
Bug Type: Backdoor
Risk Level: Critical

Solution:
Update to version 3.2.7.

Content Management

Joomla! Cross-Site Scripting and Information Disclosure

July 29th, 2009

Application: Joomla!
Affected Version: versions prior to 1.5.12.
Vendor’s URL: Joomla!
Bug Type: Cross-Site Scripting and Information Disclosure
Risk Level: Medium

Solution:
Update to version 1.5.13.

Content Management, Cross Site Scripting, Information Disclosure

PunBB Vote For Us Module SQLi

July 29th, 2009

Application: PunBB
Affected Version: version 1.0.1 and other versions.
Vendor’s URL: Vote For Us Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Discussion Boards, SQL Injection

PunBB Affiliation Module SQLi

July 29th, 2009

Application: PunBB
Affected Version: version 1.1.0 and other versions.
Vendor’s URL: PunBB Affiliation Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Discussion Boards, SQL Injection

WordPress DM Albums Plugin “SECURITY_FILE” File Inclusion

July 29th, 2009

Application: WordPress
Affected Version: version 1.9.2 and other versions.
Vendor’s URL: DM Albums Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.
Set “register_globals” to “Off” in php.ini.

Content Management, File Inclusion

Joomla BookFlip Component “book_id” SQLi

July 29th, 2009

Application: Joomla
Affected Version: version 2.1 and other versions.
Vendor’s URL: BookFlip Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

V-SpacePal Login Page SQLi

July 29th, 2009

Application: V-SpacePal
Affected Version: -
Vendor’s URL: V-SpacePal
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters and character sequences using a proxy.
Contact developer.

SQL Injection