Application: WordPress
Affected Version: version 1.0.9 and other versions.
Vendor’s URL: Universal Post Manager Plugin
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, Cross Site Scripting, SQL Injection
Application: WordPress
Affected Version: version 1.1 and other versions.
Vendor’s URL: WP-StarsRateBox Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, Cross Site Scripting, SQL Injection
Application: MyBB
Affected Version: version 1.6.2 and version 1.4.15 and other versions.
Vendor’s URL: MyBB
Bug Type: Information Disclosure and SQL Injection
Risk Level: Critical
Solution:
Update to version 1.6.3 or 1.4.16.
Discussion Boards, Information Disclosure, SQL Injection
Application: Joomla!
Affected Version: version 1.6.0 and 1.6.1 and other versions.
Vendor’s URL: Joomla!
Bug Type: Cross Site Scripting, Security Bypass, SQL Injection
Risk Level: Critical
Solution:
Update to version 1.6.2.
Access Bypass, Content Management, Cross Site Scripting, SQL Injection
Application: EZ-Shop
Affected Version: version 1.0.2 and other versions.
Vendor’s URL: EZ-Shop
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
E-Commerce, SQL Injection
Application: PHP Album
Affected Version: version 0.4.1.14.fix06 and other versions.
Vendor’s URL: PHP Album
Bug Type: Cross Site Scripting and System Access
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised. Do not browse untrusted sites or follow untrusted links while logged in to the application.
Access Bypass, Cross Site Scripting, Image Galleries
Application: TinyBB
Affected Version: version 1.4 released before April 11th 2011.
Vendor’s URL: TinyBB
Bug Type: SQL Injection
Risk Level: Critical
Solution:
The vendor has released an updated version 1.4 on April 11th, 2011, which fixes the vulnerability.
Discussion Boards, SQL Injection
Application: vBulletin
Affected Version: all versions of vBulletin 4.X.
Vendor’s URL: vBulletin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Upgrade to the latest patch.
Content Management, SQL Injection
Application: WordPress
Affected Version: versions prior to 3.1.1.
Vendor’s URL: WordPress
Bug Type: Cross-Site Scripting and Denial of Service
Risk Level: Critical
Solution:
Update to version 3.1.1.
Content Management, Cross Site Scripting, Denial Of Service
Application: Joomla!
Affected Version: versions prior to 1.5.
Vendor’s URL: FLEXIcontent Component
Bug Type: Insecure Permissions and Command Injection
Risk Level:
Solution:
Update to version 1.5.
Content Management, Remote Command Execution
Application: WordPress
Affected Version: version 0.5.0.1 and other versions.
Vendor’s URL: WP Custom Pages
Bug Type: File Disclosure
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Content Management, Information Disclosure
Application: Joomla!
Affected Version: versions prior to 1.3.
Vendor’s URL: Joomanager Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.3.
Content Management, SQL Injection