Archive for June, 2010

Moodle Multiple Vulnerabilities

June 21st, 2010

Application: Moodle
Affected Version:
Vendor’s URL: Moodle
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.8.13 or 1.9.9 or apply patches (see vendor’s advisories for details).

Content Management, Cross Site Scripting

Drupal Ubercart MIGS Module Security Issue

June 21st, 2010

Application: Drupal
Affected Version: versions prior to 6.x-1.2.
Vendor’s URL: Ubercart MIGS Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 6.x-1.2 or later.

Access Bypass, Content Management

Drupal Ogone | Ubercart Module Security Bypass

June 21st, 2010

Application: Drupal
Affected Version: versions prior to 5.x-1.6 and 6.x-1.5.
Vendor’s URL: Ogone | Ubercart Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 5.x-1.6 or later, or 6.x-1.5 or later.

Access Bypass, Content Management

CubeCart “shipKey” SQLi

June 21st, 2010

Application: CubeCart
Affected Version: CubeCart 4.3.9 and other versions.
Vendor’s URL: CubeCart
Bug Type: SQL Injection
Risk Level:

Solution:
Update to CubeCart 4.4.0 or greater.

E-Commerce, SQL Injection

Joomla My Car Component Two Vulnerabilities

June 21st, 2010

Application: Joomla
Affected Version: version 1.0 and other versions.
Vendor’s URL: My Car Component
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting

Joomla BF Quiz Component “catid” SQLi

June 21st, 2010

Application: Joomla
Affected Version: version 1.3.0 and other versions
Vendor’s URL: BF Quiz Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.3.1.

Content Management, SQL Injection

osCommerce Visitor Web Stats Module “Accept-Language” SQLi

June 21st, 2010

Application: osCommerce
Affected Version: version 3.2.1 and other versions.
Vendor’s URL: Visitor Web Stats Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

E-Commerce, SQL Injection

MultiShop CMS SQL Injection

June 21st, 2010

Application: MultiShop CMS
Affected Version:
Vendor’s URL: MultiShop CMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters and character sequences using a proxy.

Content Management, SQL Injection

Drupal AddonChat Module Security Bypass and Script Insertion

June 21st, 2010

Application: Drupal
Affected Version: versions prior to 6.x-1.2.
Vendor’s URL: AddonChat Module
Bug Type: Security Bypass and Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 6.x-1.2.

Access Bypass, Content Management, Cross Site Scripting