Application: ASP.NET
Affected Version: All versions of Microsoft .NET Framework
Vendor’s URL: Microsoft .NET Framework
Bug Type: Information Disclosure
Risk Level: Critical
Solution:
Apply the fix through Windows Update or download the patch:
http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx
Information Disclosure
Application: Joomla
Affected Version: version 1.0 and other versions.
Vendor’s URL: JE Guestbook Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised and verified.
SQL Injection
Application: PBBoard
Affected Version: version 2.1.1 and other versions.
Vendor’s URL: PBBoard
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised and uploaded file types are securely validated.
Cross Site Scripting, Discussion Boards, SQL Injection
Application: Joomla!
Affected Version: version 1.2.3 and other versions.
Vendor’s URL: TimeTrack Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.2.5
Content Management, SQL Injection
Application: Joomla!
Affected Version: versions prior to 2.4.
Vendor’s URL: K2 Component
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 2.4 or greater.
Content Management, Cross Site Scripting
Application: Joomla
Affected Version: versions prior to 2.1.6.
Vendor’s URL: Mosets Tree Component
Bug Type: File Upload
Risk Level: Critical
Solution:
Update to version 2.1.6.
Content Management, File Inclusion
Application: Joomla
Affected Version: version 1.0.1 Lite and other versions.
Vendor’s URL: Comlantis Visitors Google Map Module
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 3.1.2 and others
Vendor’s URL: Events Manager Extended Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, Cross Site Scripting
Application: Joomla!
Affected Version: version 2.1.1 and other versions.
Vendor’s URL: Aardvertiser Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Joomla!
Affected Version: version 1.5 and other versions.
Vendor’s URL: Clantools Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Apply patch.
Content Management, SQL Injection
Application: MicroNetSoft Rental Property Management Website
Affected Version:
Vendor’s URL: MicroNetSoft Rental Property Management Website
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Joomla!
Affected Version: version 1.2.3 and others.
Vendor’s URL: Clantools Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.2.4.
Content Management, SQL Injection
Application: Joomla!
Affected Version: version 1.5.0 and other versions.
Vendor’s URL: JE FAQ Pro Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
version 1.5.0
Content Management, SQL Injection
Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: PicSell Component
Bug Type: File Disclosure
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Content Management, Information Disclosure
Application: GaleriaSHQIP
Affected Version: version 1.0 and other versions.
Vendor’s URL: GaleriaSHQIP
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Image Galleries, SQL Injection
Application: Prometeo CMS
Affected Version: version 1.0.65 and other versions.
Vendor’s URL: Prometeo CMS
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Joomla! / Mambo
Affected Version: version 3.53.5J
Vendor’s URL: Remository Component
Bug Type: File Upload
Risk Level: Critical
Solution:
Update to version 3.53.7J.
Content Management, File Inclusion