Archive for December, 2009

WordPress Woopra Analytics Plugin Arbitrary File Creation

December 24th, 2009

Application: WordPress
Affected Version:
Vendor’s URL: Woopra Analytics Plugin
Bug Type: System Access
Risk Level: Critical

Solution:
Update to version 1.4.3.2.

Remove the ofc_upload_image.php file from the Open Flash Chart directory.

Access Bypass, Content Management

Joomla JEEMA Article Collection Component “catid” SQLi

December 24th, 2009

Application: Joomla
Affected Version: version 1.0.0.1 and other versions.
Vendor’s URL: JEEMA Article Collection Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla JoomPortfolio Component “secid” SQLi

December 24th, 2009

Application: Joomla
Affected Version: version 1.0.0 and other versions.
Vendor’s URL: JoomPortfolio Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

WP-Forum Multiple SQLi

December 24th, 2009

Application: WP-Forum
Affected Version: versions 2.3 and 2.4, and other versions.
Vendor’s URL: WP-Forum
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Discussion Boards, SQL Injection

Invision Power Board Script Insertion and SQLi

December 24th, 2009

Application: Invision Power Board
Affected Version: version 2.3.6 and other versions.
Vendor’s URL: Invision Power Board
Bug Type: Script Insertion and SQL Injection
Risk Level: Medium

Solution:
Upgrade to version 3.0.5 or later.

Discussion Boards, SQL Injection

Joomla JPhoto Component “id” SQLi

December 24th, 2009

Application: Joomla
Affected Version: version 1.0
Vendor’s URL: JPhoto Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.1 or later.

Content Management, SQL Injection

Zen Cart “url” Local File Inclusion

December 24th, 2009

Application: Zen Cart
Affected Version: version 1.3.8a (full fileset 12112007) and other versions
Vendor’s URL: Zen Cart
Bug Type: File Inclusion
Risk Level: Critical

Solution:
The vendor recommends deleting the “extras” folder from the webroot.

E-Commerce, File Inclusion

WordPress Google Analytics Plugin XSS

December 24th, 2009

Application: WordPress
Affected Version: version 3.2.4 and other versions
Vendor’s URL: Google Analytics Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 3.2.5.

Content Management, Cross Site Scripting

Joomla Joaktree Component “treeId” SQLi

December 24th, 2009

Application: Joomla
Affected Version: version 1.0 and others
Vendor’s URL: Joaktree Component
Bug Type: SQL Injection
Risk Level: High

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla LyftenBloggie Component “author” SQLi

December 1st, 2009

Application: Joomla
Affected Version: version 1.0.4 and other versions
Vendor’s URL: LyftenBloggie Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla GCalendar Component “gcid” SQLi

December 1st, 2009

Application: Joomla
Affected Version: version 2.1.4 and other versions
Vendor’s URL: GCalendar Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla iF Portfolio Nexus Component “id” SQLi

December 1st, 2009

Application: Joomla
Affected Version: version 1.1
Vendor’s URL: iF Portfolio Nexus Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

JoomClip “cat” SQLi

December 1st, 2009

Application: JoomClip
Affected Version:
Vendor’s URL: JoomClip
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Filter malicious characters and character sequences in a proxy.

Content Management, SQL Injection

XOOPS Profile Activation Security Bypass

December 1st, 2009

Application: XOOPS
Affected Version: prior to 2.4.1
Vendor’s URL: XOOPS Profile Activation
Bug Type: Security Bypass
Risk Level: Medium

Solution:
Update to version 2.4.1.

Access Bypass, Content Management

WordPress File Upload and Script Insertion

December 1st, 2009

Application: WordPress
Affected Version: version 2.8.5
Vendor’s URL: WordPress
Bug Type: File Upload and Script Insertion
Risk Level: Medium

Solution:
Update to version 2.8.6.

Access Bypass, Content Management, Cross Site Scripting

Joomla Jumi Component Backdoor Security Issue

December 1st, 2009

Application: Joomla
Affected Version:
Vendor’s URL: Jumi Component
Bug Type: Access Bypass
Risk Level: Critical

Solution:
The vendor has released clean installation files.

Access Bypass, Content Management

PunBB Attachment Plugin “secure_str” SQLi

December 1st, 2009

Application: PunBB
Affected Version: version 1.0.2 and other versions.
Vendor’s URL: PunBB Attachment Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Discussion Boards, SQL Injection