Archive for April, 2010

Joomla! Portfolio Component Command Injection and File Enumeration

April 23rd, 2010

Application: Joomla!
Affected Version: version 2.0.2 and other versions.
Vendor’s URL: Portfolio Component
Bug Type: Command Injection and File Enumeration
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management

Joomla! AWDwall Components SQL Injection and Local File Inclusion

April 23rd, 2010

Application: Joomla!
Affected Version: versions prior to 1.5.5.
Vendor’s URL: AWDwall Components
Bug Type: SQL Injection and Local File Inclusion
Risk Level: Critical

Solution:
Update to version 1.5.5.

Content Management, File Inclusion, SQL Injection

CMS SiteLogic Cross-Site Scripting and SQLi

April 23rd, 2010

Application: CMS SiteLogic
Affected Version:
Vendor’s URL: CMS SiteLogic
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting, SQL Injection

Joomla S5 Clan Roster Component Two File Inclusion

April 23rd, 2010

Application: Joomla
Affected Version:
Vendor’s URL: S5 Clan Roster Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

Joomla JA JobBoard Component Two File Inclusion

April 23rd, 2010

Application: Joomla
Affected Version: version 1.4.4 and other versions.
Vendor’s URL: JA JobBoard Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

Drupal Views Module Arbitrary Code Execution

April 23rd, 2010

Application: Drupal Views Module Arbitrary Code Execution
Affected Version: versions prior to 6.x-2.9 and 5.x-1.7.
Vendor’s URL: Views Module
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to the latest version.

Access Bypass, Content Management

14 Joomla! Components SQL Injection Vulnerability

April 23rd, 2010

8 Joomla! Components “view” Local File Inclusion Vulnerability

April 23rd, 2010

50 Joomla Components “controller” File Inclusion Vulnerability

April 23rd, 2010

Application: Joomla!
Affected Version:
Vendor’s URL:
Joomla DW Graph Component
Joomla! Picasa Component
Joomla! Magic Updater Component
Joomla! SVMap Component
Joomla! JInventory Component
Joomla! Shoutbox Pro Component
Joomla! J!WHMCS Integrator Component
Joomla! Jukebox Component
Joomla Flickr
Joomla! Highslide JS Component
Joomla! Datafeeds Component
Joomla! VJDEO Component
Joomla webERPcustomer Component
Joomla! User Status Component
Joomla PowerMail Pro Component
Joomla TRAVELbook Component
Joomla tweetLA Component
Joomla Jfeedback Component
Joomla Jproject Manager Component
Joomla Preventive & Reservation Component
Joomla! Sweety Keeper Component
Joomla Web TV Component
Joomla Daily Horoscope Component
Joomla Online Flash Games Component
Joomla Memory Book Component
Joomla Online Market Component
Joomla AddressBook Component
Joomla CV Maker Component
Joomla Easy Ad Banner Component
Joomla! World Rates Component
Joomla Arcade Games Component
Joomla Online Exam Component
Joomla My Files Component
Joomla Digital Diary Component
Joomla JoomMail Component
Joomla wgPicasa Component
Joomla MT Fire Eagle Component
Joomla Love Factory Component
Joomla Deluxe Blog Factory Component
Joomla Gadget Factory Component
Joomla Archery Scores Component
Joomla Matamko Component
Joomla iF surfALERT Component
Joomla iNetLanka Google Component
Joomla iNetLanka Drawroot Component
Joomla! iNetLanka Multiple map Component
Joomla! iNetLanka Multiple root Component
Joomla BeeHeard Component
Joomla MMS Blog Component
Joomla! Webmoney WMI Component

Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.
Update the component to the latest fixed version.

Content Management, File Inclusion