Archive

Archive for February, 2011

WordPress cdnvote Plugin “cdn_vote_postid” / “cdnvote_point” SQL Injection

February 24th, 2011
Comments Off

Application: WordPress
Affected Version: version 0.4.1 and other versions
Vendor’s URL: cdnvote Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

WordPress Comment Rating Plugin “id” SQL Injection

February 24th, 2011
Comments Off

Application: WordPress
Affected Version: version 2.9.23 and prior versions
Vendor’s URL: Comment Rating Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.9.24.

Content Management, SQL Injection

Joomla! JCE Component Arbitrary File Upload

February 24th, 2011
Comments Off

Application: Joomla!
Affected Version: versions prior to 1.5.7.7
Vendor’s URL: JCE Component
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.5.7.7.

Content Management, File Inclusion

Joomla! People Component SQL Injection

February 24th, 2011
Comments Off

Application: Joomla!
Affected Version: versions prior to 1.0.1.
Vendor’s URL: People Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.0.1.

Content Management, SQL Injection

Joomla! Kunena Component “catids” SQL Injection

February 24th, 2011
Comments Off

Application: Joomla!
Affected Version: version 1.6.2 and other version
Vendor’s URL: Kunena Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.6.3.

Content Management, SQL Injection

WordPress WP Forum Server Plugin “id” and “search_max” SQL Injection

February 24th, 2011
Comments Off

Application: WordPress
Affected Version: version 1.6.1 and other versions
Vendor’s URL: WP Forum Server Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

WordPress Enable Media Replace Plugin Multiple Vulnerabilities

February 24th, 2011
Comments Off

Application: WordPress Enable Media Replace Plugin
Affected Version: version 2.3 and other versions.
Vendor’s URL: Enable Media Replace Plugin
Bug Type: SQL Injection and System Bypass
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised. Grant the “Author” role to trusted users only.

Access Bypass, Content Management, SQL Injection

Drupal Droptor Module SQL Injection

February 24th, 2011
Comments Off

Application: Drupal
Affected Version: versions prior to 6.x-2.8.
Vendor’s URL: Droptor Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 6.x-2.8 or later.

Content Management, SQL Injection

Serendipity Xinha Cross-Site Scripting and File Upload

February 24th, 2011
Comments Off

Application: Serendipity
Affected Version: bundled version of Xinha.
Vendor’s URL: Serendipity Xinha
Bug Type: Cross-Site Scripting and File Upload
Risk Level: Critical

Solution:
Update to version 1.5.5.
Original Advisory

http://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html

Content Management, Cross Site Scripting, File Inclusion

VirtueMart “search_category” SQL Injection

February 24th, 2011
Comments Off

Application: VirtueMart
Affected Version: version 1.1.6 and other versions.
Vendor’s URL: VirtueMart
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Apply patch.

E-Commerce, SQL Injection

Simple Web Content Management System Two Vulnerabilities

February 24th, 2011
Comments Off

Application: Simple Web Content Management System
Affected Version: version downloaded on 2011-02-01 and other versions.
Vendor’s URL: Simple Web Content Management System
Bug Type: Security Bypass and SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised. Restrict access to admin/item_delete.php (e.g. via .htaccess).

Access Bypass, Content Management, SQL Injection

Joomla! Frontend-User-Access “controller” Local File Inclusion

February 24th, 2011
Comments Off

Application: Joomla!
Affected Version: version 3.4.1
Vendor’s URL: Frontend-User-Access
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 3.4.2.

Content Management, File Inclusion