Archive for March, 2011

Joomla! BookLibrary Component “searchtext” SQL Injection

March 28th, 2011

Application: Joomla!
Affected Version: version 2.0 and other versions
Vendor’s URL: BookLibrary Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
The vendor has released an updated version 2.0, which fixes the vulnerability.

Content Management, SQL Injection

WordPress PHP Speedy Plugin Cross-Site Scripting and Remote File Inclusion

March 28th, 2011

Application: WordPress
Affected Version: version 0.5.2 and other versions.
Vendor’s URL: PHP Speedy Plugin
Bug Type: Cross-Site Scripting and Remote File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised and verified.

Content Management, Cross Site Scripting, SQL Injection

WordPress BackWPup Plugin “wpabs” Two Remote File Inclusion

March 28th, 2011

Application: WordPress
Affected Version: version 1.5.2 and other versions
Vendor’s URL: BackWPup Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

WordPress WP Forum Multiple SQL Injection

March 28th, 2011

Application: WordPress
Affected Version: version 1.7.8 and other versions.
Vendor’s URL: WP Forum
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla! XCloner Component “config” Local File Inclusion

March 28th, 2011

Application: Joomla!
Affected Version: versions 3.0.4 and 2.2 and other versions.
Vendor’s URL: XCloner Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

Joomla! Xmap Component Compromised Source Packages Backdoor Security

March 28th, 2011

Application: Joomla!
Affected Version: from February 21st, 2011 to February 23rd, 2011 in version 1.2.10.
Vendor’s URL: Xmap Component
Bug Type: Packages compromise
Risk Level: Critical

Solution:
Update to a fixed version 1.2.10 or later.

Content Management

WordPress jQuery Mega Menu Widget Plugin “skin” File Disclosure

March 28th, 2011

Application: WordPress
Affected Version: version 1.0 and other versions.
Vendor’s URL: jQuery Mega Menu Widget Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management, Information Disclosure

WordPress OPS Old Post Spinner Plugin “ops_file” File Disclosure

March 28th, 2011

Application: WordPress
Affected Version: version 2.2.1 and other versions
Vendor’s URL: OPS Old Post Spinner Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, Information Disclosure

WordPress IWantOneButton Plugin “post_id” Cross-Site Scripting and SQL Injection

March 28th, 2011

Application: WordPress
Affected Version: version 3.0.1
Vendor’s URL: IWantOneButton Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting, SQL Injection