Archive for September, 2009

Joomla Jreservation Component “pid” SQLi

September 23rd, 2009

Application: Joomla
Affected Version: version 1.0 and other versions.
Vendor’s URL: Jreservation Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Drupal Multiple Vulnerabilities

September 23rd, 2009

Application: Drupal
Affected Version: versions prior to 6.14.
Vendor’s URL: Drupal
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 6.14 or apply the patch.

Content Management, Cross Site Scripting

Joomla DJ-Catalog Component SQLi

September 23rd, 2009

Application: Joomla
Affected Version:
Vendor’s URL: DJ-Catalog Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to fixed version 16-09-2009.

Content Management, SQL Injection

Drupal BUEditor Module Script Insertion

September 23rd, 2009

Application: Drupal
Affected Version: versions prior to 5.x-1.2 and 6.x-1.4.
Vendor’s URL: BUEditor Module
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 5.x-1.2 or 6.x-1.4.

Content Management, Cross Site Scripting

Joomla Joomloc Component “id” SQLi

September 23rd, 2009

Application: Joomla
Affected Version: version 1.0 and other versions.
Vendor’s URL: Joomloc Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla Component Joomlub “aid” SQLi

September 23rd, 2009

Application: Joomla
Affected Version:
Vendor’s URL: Joomlub
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Reportedly fixed. Contact the vendor for additional information.

Content Management, SQL Injection

PHP Live! “deptid” SQLi

September 23rd, 2009

Application: PHP Live!
Affected Version: version 3.3 and other versions.
Vendor’s URL: PHP Live!
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Customer Relationship, SQL Injection

phpBB Prime Quick Style “prime_quick_style” SQLi

September 23rd, 2009

Application: phpBB
Affected Version: versions prior to 1.2.3.
Vendor’s URL: Prime Quick Style
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.2.3.

Discussion Boards, SQL Injection

FlexCMS Login Cookie SQLi

September 23rd, 2009

Application: FlexCMS
Affected Version: version 3.0 and other versions.
Vendor’s URL: FlexCMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla DigiFolio Component “id” SQLi

September 23rd, 2009

Application: Joomla
Affected Version: version 1.52 and other versions.
Vendor’s URL: DigiFolio Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.53.

Content Management, SQL Injection

Drupal Go – url redirects Module Multiple Vulnerabilities

September 23rd, 2009

Application: Drupal Go
Affected Version:
Vendor’s URL: url redirects Module
Bug Type: SQL Injection, Cross Site Scripting, Security Bypass
Risk Level: Critical

Solution:
Update to version 5.x-1.4 or 6.x-1.1.

Access Bypass, Content Management, Cross Site Scripting, SQL Injection

WordPress WP-Syntax Plugin Code Execution

September 23rd, 2009

Application: WordPress
Affected Version: version 0.9.8 and other versions.
Vendor’s URL: WP-Syntax Plugin
Bug Type: Code Execution
Risk Level: Critical

Solution:
Remove the “wp-syntax/test” directory.

Content Management, Remote Command Execution

SugarCRM Unspecified SQLi

September 23rd, 2009

Application: SugarCRM
Affected Version: versions 5.2.0g and prior, 5.0.0k and prior, and 4.5.1o and prior.
Vendor’s URL: SugarCRM
Bug Type: SQL Injection
Risk Level: Medium

Solution:
Update to version 5.2.0h, 5.0.0l, or 4.5.1p.

Content Management, SQL Injection