Archive for September, 2010

ASP.NET Security Vulnerability

September 30th, 2010

Application: ASP.NET
Affected Version: All Microsoft .NET Framework
Vendor’s URL: Microsoft .NET Framework
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Windows Update or Download Patch
http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx

Information Disclosure

Joomla JE Guestbook Component Multiple Vulnerabilities

September 30th, 2010

Application: Joomla
Affected Version: version 1.0 and other versions.
Vendor’s URL: JE Guestbook Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised and verified.

SQL Injection

PBBoard Multiple Vulnerabilities

September 30th, 2010

Application: PBBoard
Affected Version: version 2.1.1 and other versions.
Vendor’s URL: PBBoard
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised and uploaded file types are securely validated.

Cross Site Scripting, Discussion Boards, SQL Injection

Joomla! TimeTrack Component “ct_id” SQLi

September 30th, 2010

Application: Joomla!
Affected Version: version 1.2.3 and other versions.
Vendor’s URL: TimeTrack Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.2.5.

Content Management, SQL Injection

Joomla! K2 Component Multiple Script Insertion

September 30th, 2010

Application: Joomla!
Affected Version: versions prior to 2.4.
Vendor’s URL: K2 Component
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 2.4 or greater.

Content Management, Cross Site Scripting

Joomla Mosets Tree Component Image File Upload

September 30th, 2010

Application: Joomla
Affected Version: versions prior to 2.1.6.
Vendor’s URL: Mosets Tree Component
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 2.1.6.

Content Management, File Inclusion

Joomla Comlantis Visitors Google Map Module “lastMarkerID” SQLi

September 30th, 2010

Application: Joomla
Affected Version: version 1.0.1 Lite and other versions.
Vendor’s URL: Comlantis Visitors Google Map Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

WordPress Events Manager Extended Plugin Script Insertion

September 30th, 2010

Application: WordPress
Affected Version: version 3.1.2 and other versions.
Vendor’s URL: Events Manager Extended Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting

Joomla! Aardvertiser Component “cat_name” SQLi

September 30th, 2010

Application: Joomla!
Affected Version: version 2.1.1 and other versions.
Vendor’s URL: Aardvertiser Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla! Clantools Component “squad” SQLi

September 30th, 2010

Application: Joomla!
Affected Version: version 1.5 and other versions.
Vendor’s URL: Clantools Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Apply patch.

Content Management, SQL Injection

MicroNetSoft Rental Property Management Website “ad_ID” SQLi

September 30th, 2010

Application: MicroNetSoft Rental Property Management Website
Affected Version:
Vendor’s URL: MicroNetSoft Rental Property Management Website
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla! Clantools Component Two SQLi

September 30th, 2010

Application: Joomla!
Affected Version: version 1.2.3 and others.
Vendor’s URL: Clantools Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.2.4.

Content Management, SQL Injection

Joomla! JE FAQ Pro Component “catid” SQLi

September 30th, 2010

Application: Joomla!
Affected Version: version 1.5.0 and other versions.
Vendor’s URL: JE FAQ Pro Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
version 1.5.0

Content Management, SQL Injection

Joomla! PicSell Component “dflink” File Disclosure

September 30th, 2010

Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: PicSell Component
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, Information Disclosure

GaleriaSHQIP “album_id” SQLi

September 30th, 2010

Application: GaleriaSHQIP
Affected Version: version 1.0 and other versions.
Vendor’s URL: GaleriaSHQIP
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Image Galleries, SQL Injection

Prometeo CMS “ID” SQLi

September 30th, 2010

Application: Prometeo CMS
Affected Version: version 1.0.65 and other versions.
Vendor’s URL: Prometeo CMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla! / Mambo Remository Component Arbitrary File Upload

September 30th, 2010

Application: Joomla! / Mambo
Affected Version: version 3.53.5J
Vendor’s URL: Remository Component
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 3.53.7J.

Content Management, File Inclusion