Archive for August, 2009

Joomla MisterEstate Component “searchstring” SQLi

August 20th, 2009

Application: Joomla
Affected Version:
Vendor’s URL: Joomla MisterEstate Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla IDoBlog Component “userid” SQLi

August 20th, 2009

Application: Joomla
Affected Version: version 1.1 and other versions.
Vendor’s URL: Joomla IDoBlog Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Drupal Webform Report Module Unspecified Script Insertion

August 20th, 2009

Application: Drupal
Affected Version: all 5.x and 6.x versions.
Vendor’s URL: Webform Report Module
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
The vendor recommends disabling and removing the Webform Report module.

Content Management, Cross Site Scripting

WordPress Privilege Escalation

August 20th, 2009

Application: WordPress
Affected Version:
Vendor’s URL: WordPress
Bug Type: Privilege Escalation
Risk Level: Medium

Solution:
Update to version 2.8.4.

Content Management, Privilege Escalation

SimpleSiteAdministration “username” SQLi

August 20th, 2009

Application: SimpleSiteAdministration
Affected Version: version 0.5 and other versions.
Vendor’s URL: SimpleSiteAdministration
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

XOOPS “op” Cross-Site Scripting

August 20th, 2009

Application: XOOPS
Affected Version: version 2.3.3 and others.
Vendor’s URL: XOOPS
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Fixed in the SVN repository.
http://xoops.svn.sourceforge.net/view…s/pm/viewpmsg.php?r1=2621&r2=3292

Content Management, Cross Site Scripting

Drupal Live Module Privilege Escalation Security Issue

August 20th, 2009

Application: Drupal
Affected Version: versions prior to 6.x-1.2.
Vendor’s URL: Drupal Live Module
Bug Type: Privilege Escalation
Risk Level: Low

Solution:
Update to version 6.x-1.2.
http://drupal.org/node/534976

Content Management, Privilege Escalation

Drupal Bibliography Module Script Insertion

August 20th, 2009

Application: Drupal
Affected Version: versions prior to 6.x-1.6 and 5.x-1.17.
Vendor’s URL: Drupal Bibliography Module
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
Update to version 6.x-1.6 or 5.x-1.17.
http://drupal.org/node/534744
http://drupal.org/node/534752

Content Management, Cross Site Scripting

Drupal Date Module Script Insertion

August 20th, 2009

Application: Drupal
Affected Version: versions prior to 6.x-2.3.
Vendor’s URL: Drupal Date
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
Update to version 6.x-2.3.
http://drupal.org/node/534332

Content Management, Cross Site Scripting

Drupal Calendar Script Insertion

August 20th, 2009

Application: Drupal Calendar
Affected Version: version 6.x-2.1 and other versions.
Vendor’s URL: Drupal
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
Update to version 6.x-2.2.
http://drupal.org/node/534336

Content Management, Cross Site Scripting