Exabytes Security Portal » 2010

Application: Drupal
Affected Version: versions prior to 6.x-1.1.
Vendor’s URL: Email Input Filter Module
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to version 6.x-1.1 or later.

Content Management, Remote Command Execution

Joomla JuliaPortfolio Component “controller” File Inclusion

March 26th, 2010

Comments Off

Application: Joomla
Affected Version: version 1.3.3 and other versions.
Vendor’s URL: JuliaPortfolio Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 2.1 or later.

Content Management, File Inclusion

Joomla Ninja RSS Syndicator File Inclusion

March 26th, 2010

Comments Off

Application: Joomla
Affected Version: version 1.0.8 and other versions.
Vendor’s URL: Ninja RSS Syndicator
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.0.9.

Content Management, File Inclusion

Joomla GCalendar Component “controller” File Inclusion

March 26th, 2010

Comments Off

Application: Joomla
Affected Version: version 2.1.5 and other versions.
Vendor’s URL: GCalendar Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, File Inclusion

PHP Classifieds “bid” SQLi

March 26th, 2010

Comments Off

Application: PHP Classifieds
Affected Version: version 7.5 and other versions.
Vendor’s URL: PHP Classifieds
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

SQL Injection

phpBB Feed Permissions Security Issue

March 26th, 2010

Comments Off

Application: phpBB
Affected Version: version 3.0.7.
Vendor’s URL: phpBB
Bug Type: Security Bypass
Risk Level: version 3.0.7.

Solution:
Update to version 3.0.7PL1 or later.

Access Bypass, Discussion Boards

Joomla MyBlog Component “task” File Inclusion

March 26th, 2010

Comments Off

Application: Joomla
Affected Version: version 3.0.329 and other versions.
Vendor’s URL: MyBlog Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, File Inclusion

Drupal Internationalization Module Arbitrary Code Execution

March 26th, 2010

Comments Off

Application: Drupal
Affected Version: versions prior to 6.x-1.3 and 5.x-2.6.
Vendor’s URL: Internationalization Module
Bug Type: Code Execution
Risk Level: Critical

Solution:
Internationalization 6.x:

http://drupal.org/node/731590

Internationalization 5.x:

http://drupal.org/node/731586

Content Management, Remote Command Execution

Joomla SQL Reports Component “user_id” SQLi

March 26th, 2010

Comments Off

Application: Joomla
Affected Version: version 1.1 and other version.
Vendor’s URL: SQL Reports Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Archive

Drupal Mime Mail Module Arbitrary Code Execution

Joomla! JE Form Creator Component “view” Local File Inclusion

Drupal Email Input Filter Module PHP Code Execution

Joomla JuliaPortfolio Component “controller” File Inclusion

Joomla Ninja RSS Syndicator File Inclusion

Joomla GCalendar Component “controller” File Inclusion

PHP Classifieds “bid” SQLi

phpBB Feed Permissions Security Issue

Joomla MyBlog Component “task” File Inclusion

Drupal Internationalization Module Arbitrary Code Execution

Joomla SQL Reports Component “user_id” SQLi

Categories

Archives