Archive for October, 2009

Drupal Moodle Course List Module SQLi

October 23rd, 2009

Application: Drupal
Affected Version: versions prior to 6.x-1.2.
Vendor’s URL: Moodle Course List Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 6.x-1.2.
http://drupal.org/node/569734

Content Management, SQL Injection

WordPress Trackback Denial of Service

October 23rd, 2009

Application: WordPress
Affected Version: versions prior to 2.8.5.
Vendor’s URL: WordPress
Bug Type: Denial of Service
Risk Level: Medium

Solution:
Update to version 2.8.5.
http://wordpress.org/download/

Content Management, Denial Of Service

Joomla AjaxChat Component File Inclusion

October 23rd, 2009

Application: Joomla
Affected Version:
Vendor’s URL: AjaxChat Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

Joomla CB Resume Builder Component “group_id” SQLi

October 23rd, 2009

Application: Joomla
Affected Version:
Vendor’s URL: CB Resume Builder Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Drupal Browscap Module Script Insertion

October 23rd, 2009

Application: Drupal
Affected Version: prior to version 5.x-1.1 and 6.x-1.1.
Vendor’s URL: Browscap Module
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Browscap 5.x:
Update to Browscap 5.x-1.1
http://drupal.org/node/592262

Browscap 6.x:
Update to Browscap 6.x-1.1
http://drupal.org/node/592264

Content Management, Cross Site Scripting

Joomla iCRM Basic Component Multiple Vulnerabilities

October 23rd, 2009

Application: Joomla
Affected Version: version 1.4.2.31 and other versions.
Vendor’s URL: iCRM Basic Component
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Access Bypass, Content Management

Joomla Fastball Component “league” SQLi

October 23rd, 2009

Application: Joomla
Affected Version: version 1.2 and other versions.
Vendor’s URL: Fastball Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla Tupinambis Component “proyecto” SQLi

October 23rd, 2009

Application: Joomla
Affected Version: version 1.0
Vendor’s URL: Tupinambis Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla SportFusion Component “cid[0]” SQLi

October 23rd, 2009

Application: Joomla
Affected Version: version 0.2.3 and others.
Vendor’s URL: SportFusion Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla Integrated Newsletter Component “newsid” SQLi

October 23rd, 2009

Application: Joomla
Affected Version: version 0.3
Vendor’s URL: Integrated Newsletter Component
Bug Type: SQL Injection
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection