Application: Joomla
Affected Version: version 1.0.1 and other versions.
Vendor’s URL: JE Ajax Event Calendar Component
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Content Management, File Inclusion
Application: WordPress
Affected Version: versions prior to 4.1.3.
Vendor’s URL: Simple:Press Plugin
Bug Type: Security Bypass and System access
Risk Level: Critical
Solution:
Update to version 4.1.3 or later.
Access Bypass, Content Management
Application: Drupal
Affected Version: versions prior to 6.x-2.1.
Vendor’s URL: WordPress Import Module
Bug Type: File Upload
Risk Level: Critical
Solution:
Update to version 6.x-2.1.
Content Management, File Inclusion
Application: Drupal
Affected Version: versions prior to 6.x-3.4.
Vendor’s URL: Panels Module
Bug Type: Code Execution
Risk Level: Critical
Solution:
Update to version 6.x-3.4.
Content Management, Remote Command Execution
Application: Drupal
Affected Version: versions prior to 6.x-1.4.
Vendor’s URL: Chaos Tool Suite Module
Bug Type: Cross Site Scripting and Access Bypass
Risk Level: Critical
Solution:
Update to version 6.x-1.4.
Content Management, Cross Site Scripting
Application: Drupal
Affected Version: versions prior to 6.x-4.9.
Vendor’s URL: Heartbeat Module
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to Heartbeat 6.x-4.9.
Content Management, Cross Site Scripting
Application: MigasCMS
Affected Version: version 1.1 and other versions.
Vendor’s URL: MigasCMS
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Joomla
Affected Version: version 1.0.0 and other versions.
Vendor’s URL: Konsultasi Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Invision Power Board
Affected Version: version 3.0.5.
Vendor’s URL: Invision Power Board
Bug Type: Information Disclosure
Risk Level: Critical
Solution:
Apply the patch.
Discussion Boards, Information Disclosure
Application: Invision Power Board
Affected Version: versions 2.3.6 and 3.0.5.
Vendor’s URL: Invision Power Board
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Apply the patch.
Original Advisory:
http://community.invisionpower.com/topic/306221-ipboard-236-and-305-security-update/
Cross Site Scripting, Discussion Boards
Application: Drupal
Affected Version: versions prior to 6.x-1.1.
Vendor’s URL: CiviRegister Module
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 6.x-1.1.
Content Management, Cross Site Scripting
Application: Joomla
Affected Version: version 1.1 and other versions.
Vendor’s URL: Camp26 VisitorData Module
Bug Type: Command Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, Remote Command Execution
Application: CF Image Host
Affected Version: version 1.1 and other versions.
Vendor’s URL: CF Image Host
Bug Type: File Upload
Risk Level: Critical
Solution:
Update to version 1.1.1.
File Inclusion
Application: Drupal
Affected Version: versions prior to 6.x-3.3.
Vendor’s URL: FileField Module
Bug Type: File Upload
Risk Level: Critical
Solution:
Update to version 6.x-3.3 or later.
Content Management, File Inclusion
Application: Joomla!
Affected Version: version 0.9.1.
Vendor’s URL: DJ-Classifieds Component
Bug Type: Cross Site Scripting and File Upload
Risk Level: Critical
Solution:
Grant only trusted users access to the affected component.
Content Management, Cross Site Scripting, File Inclusion
Application: Joomla
Affected Version: version 1.1.7 and other versions.
Vendor’s URL: ABC Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection