Archive for October, 2010

Joomla! JomSocial Component Arbitrary File Upload

October 28th, 2010

Application: Joomla!
Affected Version: version 1.8.8 and other versions.
Vendor’s URL: JomSocial Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Reportedly, an update to version 1.8.9 fixes the vulnerability.

Content Management, File Inclusion

Joomla! JE Directory Component “catid” SQL Injection

October 28th, 2010

Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: JE Directory Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

DeluxeBB “xthedateformat” SQL Injection

October 28th, 2010

Application: DeluxeBB
Affected Version: version 1.3 and other versions.
Vendor’s URL: DeluxeBB
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Apply the patch.

Discussion Boards, SQL Injection

Joomla! Community Builder Enhanced Component “tabname” Local File Inclusion

October 28th, 2010

Application: Joomla!
Affected Version: versions 1.4.8, 1.4.9, 1.4.10, and other versions.
Vendor’s URL: Community Builder Enhanced Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.4.11.

Content Management, File Inclusion

Joomla! JS Calendar Component Multiple Vulnerabilities

October 28th, 2010

Application: Joomla!
Affected Version: version 1.5.4
Vendor’s URL: JS Calendar Component
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting, SQL Injection