Archive for February, 2010

Joomla Community Polls Component “controller” File Inclusion

February 23rd, 2010

Application: Joomla
Affected Version: versions prior to 1.5.3.
Vendor’s URL: Community Polls Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.5.3 or later.

Content Management, File Inclusion

Drupal Content Distribution Module Multiple Vulnerabilities

February 23rd, 2010

Application: Drupal
Affected Version: versions prior to 6.x-1.3.
Vendor’s URL: Content Distribution Module
Bug Type:
Risk Level: Critical

Solution:
Update to version 6.x-1.3.

Content Management

Joomla! Core Design Scriptegrator Plugin Multiple File Inclusion

February 23rd, 2010

Application: Joomla!
Affected Version: version 1.4.1 and other versions.
Vendor’s URL: Core Design Scriptegrator Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, File Inclusion

Joomla RWCards Component “controller” File Inclusion

February 23rd, 2010

Application: Joomla
Affected Version: version 3.0.18 and other versions.
Vendor’s URL: RWCards Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, File Inclusion

Joomla Webee Comments Component “articleId” SQLi

February 23rd, 2010

Application: Joomla
Affected Version: version 2.0 and other versions.
Vendor’s URL: Webee Comments Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla JQuarks Component “id” SQLi

February 23rd, 2010

Application: Joomla
Affected Version: version 0.2.3 and other versions.
Vendor’s URL: JQuarks Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 0.2.4 or later.

Content Management, SQL Injection

Joomla AllVideos Plugin “file” Information Disclosure

February 23rd, 2010

Application: Joomla
Affected Version: version 3.1
Vendor’s URL: AllVideos Plugin
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Update to version 3.3 or later.

Content Management, Information Disclosure

Drupal Graphviz Filter Module Arbitrary Command Execution

February 23rd, 2010

Application: Drupal
Affected Version: versions prior to 6.x-1.6 and 5.x-1.3.
Vendor’s URL: Graphviz Filter Module
Bug Type: Command Execution
Risk Level: Critical

Solution:
If you use Graphviz Filter 6.x-1.x, upgrade to Graphviz Filter 6.x-1.6.
If you use Graphviz Filter 5.x-1.x, upgrade to Graphviz Filter 5.x-1.3.

Content Management, Remote Command Execution

odlican.net CMS Arbitrary File Upload

February 23rd, 2010

Application: odlican.net CMS
Affected Version: version 1.5.
Vendor’s URL: odlican.net CMS
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Reportedly fixed in version 1.6.

Content Management, File Inclusion

Joomla Productbook Component “id” SQLi

February 23rd, 2010

Application: Joomla
Affected Version: version 1.0.4
Vendor’s URL: Productbook Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla JEvents Search Plugin SQLi

February 23rd, 2010

Application: Joomla
Affected Version: versions prior to 1.5.3b
Vendor’s URL: JEvents Search Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.5.3b or later.

Content Management, SQL Injection

Joomla! jVideoDirect Component “v” SQLi

February 23rd, 2010

Application: Joomla!
Affected Version: version 1.1RC3b and other versions.
Vendor’s URL: jVideoDirect Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla! Documents Seller Component “category_id” SQLi

February 23rd, 2010

Application: Joomla!
Affected Version: version 2.5.1 and other versions.
Vendor’s URL: Documents Seller Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters and character sequences using a proxy.

Content Management, SQL Injection

Joomla! JE Event Calendars Component “event_id” SQLi

February 23rd, 2010

Application: Joomla
Affected Version: version 1.0
Vendor’s URL: JE Event Calendars Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla ccNewsletter Component “controller” File Inclusion

February 23rd, 2010

Application: Joomla
Affected Version: version 1.0.5
Vendor’s URL: ccNewsletter Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.0.6.

Content Management, File Inclusion