Archive for March, 2010

Drupal Mime Mail Module Arbitrary Code Execution

March 26th, 2010

Application: Drupal
Affected Version: versions prior to 5.x-1.1.
Vendor’s URL: Mime Mail Module
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to version 5.x-1.1.
http://drupal.org/node/752166

Content Management, Remote Command Execution

Joomla! JE Form Creator Component “view” Local File Inclusion

March 26th, 2010

Application: Joomla
Affected Version:
Vendor’s URL: JE Form Creator Component
Bug Type: Local File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

Drupal Email Input Filter Module PHP Code Execution

March 26th, 2010

Application: Drupal
Affected Version: versions prior to 6.x-1.1.
Vendor’s URL: Email Input Filter Module
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to version 6.x-1.1 or later.

Content Management, Remote Command Execution

Joomla JuliaPortfolio Component “controller” File Inclusion

March 26th, 2010

Application: Joomla
Affected Version: version 1.3.3 and other versions.
Vendor’s URL: JuliaPortfolio Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 2.1 or later.

Content Management, File Inclusion

Joomla Ninja RSS Syndicator File Inclusion

March 26th, 2010

Application: Joomla
Affected Version: version 1.0.8 and other versions.
Vendor’s URL: Ninja RSS Syndicator
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.0.9.

Content Management, File Inclusion

Joomla GCalendar Component “controller” File Inclusion

March 26th, 2010

Application: Joomla
Affected Version: version 2.1.5 and other versions.
Vendor’s URL: GCalendar Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, File Inclusion

PHP Classifieds “bid” SQLi

March 26th, 2010

Application: PHP Classifieds
Affected Version: version 7.5 and other versions.
Vendor’s URL: PHP Classifieds
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

SQL Injection

phpBB Feed Permissions Security Issue

March 26th, 2010

Application: phpBB
Affected Version: version 3.0.7.
Vendor’s URL: phpBB
Bug Type: Security Bypass
Risk Level:

Solution:
Update to version 3.0.7PL1 or later.

Access Bypass, Discussion Boards

Joomla MyBlog Component “task” File Inclusion

March 26th, 2010

Application: Joomla
Affected Version: version 3.0.329 and other versions.
Vendor’s URL: MyBlog Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, File Inclusion
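The Joomla entries above (JE Form Creator "view", JuliaPortfolio and GCalendar "controller", MyBlog "task", and Ninja RSS Syndicator) share one bug shape: a request parameter that names a file is concatenated into an include path. What follows is an added example, not code from any of those components: a 1.5-era style component dispatcher in its vulnerable form next to an allowlisted one. The component layout, the controller names and the helper that builds a throwaway tree under the system temp dir are assumptions made so the script runs on its own.

```php
<?php
// Added illustration; not code from any component listed on this page.
// Builds a hypothetical component tree in the temp dir so the script is
// self-contained: controllers/item.php is the only legitimate target, and
// secret.php sits one level up where a dispatcher should never reach.
function setup_component(): string
{
    $base = sys_get_temp_dir() . '/com_demo_' . bin2hex(random_bytes(4));
    mkdir($base . '/controllers', 0700, true);
    file_put_contents($base . '/controllers/item.php', "<?php\n// hypothetical controller\n");
    file_put_contents($base . '/secret.php', "<?php\n// must not be includable\n");
    return $base;
}

// Vulnerable pattern: the request value is pasted straight into the path,
// so "../secret" (or a longer traversal) escapes the controllers directory.
function vulnerable_controller_path(string $componentPath, string $controller): string
{
    return $componentPath . '/controllers/' . $controller . '.php';
}

// Hardened pattern: an explicit allowlist of controller names, then a
// realpath() check that the resolved file really lives under controllers/.
function safe_controller_path(string $componentPath, string $controller): ?string
{
    static $allowed = ['default', 'item'];   // hypothetical controller names
    if (!in_array($controller, $allowed, true)) {
        return null;
    }
    $dir = realpath($componentPath . '/controllers');
    if ($dir === false) {
        return null;
    }
    $path = realpath($dir . '/' . $controller . '.php');
    $prefix = $dir . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$base = setup_component();

// Normal request: both dispatchers resolve controllers/item.php.
$normal = 'item';
echo "normal, vulnerable: ", file_exists(vulnerable_controller_path($base, $normal)) ? 'included' : 'missing', "\n";
echo "normal, safe:       ", safe_controller_path($base, $normal) !== null ? 'included' : 'rejected', "\n";

// Constructed attack value: traversal out of controllers/ to the sibling file.
$evil = '../secret';
echo "attack, vulnerable: ", file_exists(vulnerable_controller_path($base, $evil)) ? 'included' : 'missing', "\n";
echo "attack, safe:       ", safe_controller_path($base, $evil) !== null ? 'included' : 'rejected', "\n";

// Tidy up the throwaway tree.
unlink($base . '/controllers/item.php');
unlink($base . '/secret.php');
rmdir($base . '/controllers');
rmdir($base);
```

Because the dispatcher appends `.php`, attackers of the period either pointed the parameter at another PHP file they controlled (an uploaded file, a writable log) or used a trailing NUL byte to truncate the suffix, which PHP stopped accepting in include paths in 5.3.4. The allowlist is the actual fix; the `realpath()` comparison is defence in depth for the case where the list is later generated from the file system. Joomla's own `JRequest::getCmd()` of that era filters the value down to letters, digits, dot, underscore and hyphen, which removes the path separators these reports depended on.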

Drupal Internationalization Module Arbitrary Code Execution

March 26th, 2010

Application: Drupal
Affected Version: versions prior to 6.x-1.3 and 5.x-2.6.
Vendor’s URL: Internationalization Module
Bug Type: Code Execution
Risk Level: Critical

Solution:
Internationalization 6.x:

http://drupal.org/node/731590

Internationalization 5.x:

http://drupal.org/node/731586

Content Management, Remote Command Execution

Joomla SQL Reports Component “user_id” SQLi

March 26th, 2010

Application: Joomla
Affected Version: version 1.1 and other versions.
Vendor’s URL: SQL Reports Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection
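The PHP Classifieds "bid" and SQL Reports "user_id" entries describe the same defect: an integer-looking request parameter interpolated into a query string. The following is an added example, not code from either product, showing that defect beside the prepared-statement form. It uses an in-memory SQLite table through PDO so it runs stand-alone; the table, column and row contents are constructed for the demonstration.

```php
<?php
// Added illustration; not code from PHP Classifieds or the SQL Reports component.
// Constructed schema: two reports belonging to two different users.
function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE reports (id INTEGER PRIMARY KEY, user_id INTEGER, title TEXT)');
    $db->exec("INSERT INTO reports VALUES (1, 10, 'report for user 10')");
    $db->exec("INSERT INTO reports VALUES (2, 11, 'report for user 11')");
    return $db;
}

// Vulnerable pattern: the raw request parameter becomes part of the SQL text.
function reports_vulnerable(PDO $db, string $userId): array
{
    $sql = 'SELECT title FROM reports WHERE user_id = ' . $userId;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: reject anything that is not a plain integer, then bind
// the value as a typed parameter so it can never be parsed as SQL.
function reports_safe(PDO $db, string $userId): array
{
    if (!ctype_digit($userId)) {
        throw new InvalidArgumentException('user_id must be a non-negative integer');
    }
    $stmt = $db->prepare('SELECT title FROM reports WHERE user_id = :uid');
    $stmt->bindValue(':uid', (int) $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = open_db();

// Legitimate request: both variants return only user 10's row.
echo "legit, vulnerable:  ", implode('; ', reports_vulnerable($db, '10')), "\n";
echo "legit, safe:        ", implode('; ', reports_safe($db, '10')), "\n";

// Constructed attack value: a tautology appended to the numeric parameter
// widens the WHERE clause to every row in the table.
$payload = '10 OR 1=1';
echo "attack, vulnerable: ", implode('; ', reports_vulnerable($db, $payload)), "\n";
try {
    reports_safe($db, $payload);
} catch (InvalidArgumentException $e) {
    echo "attack, safe:       rejected (", $e->getMessage(), ")\n";
}
```

Numeric parameters are the ones most often left unquoted, which is why a tautology with no quote character at all is enough; the same concatenation also admits `UNION SELECT` payloads that pull rows from other tables. Casting with `(int)` alone would also stop this particular payload, but binding the value keeps the query text fixed regardless of what later maintenance does to the validation, so the hardened version does both.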