Archive for June, 2011

WordPress Plugins Compromised Source Packages Backdoor Security Issue

June 28th, 2011

Application: WordPress
Affected Version:
WPtouch Plugin (source files distributed on June 21st, 2011, and possibly prior.)
W3 Total Cache Plugin (source files distributed on June 21st, 2011, and possibly prior.)
AddThis Plugin (source files distributed on June 21st, 2011, and possibly prior.)
Vendor’s URL:
WPtouch Plugin
W3 Total Cache Plugin
AddThis Plugin
Bug Type: System Access – Backdoor
Risk Level: Critical

Solution:
WPtouch Plugin – Update to version 1.9.29.
W3 Total Cache Plugin – Manually install version 0.9.2.3 downloaded after June 21st, 2011.
AddThis Plugin – Manually install version 2.2.0 downloaded after June 21st, 2011.

Access Bypass, Blogs

DokuWiki “rss” Script Insertion

June 28th, 2011

Application: DokuWiki
Affected Version: versions 2010-11-07a and 2011-05-25, and prior versions.
Vendor’s URL: DokuWiki
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 2011-05-25a.

Content Management, Cross Site Scripting

Joomla! Core Design Scriptegrator Unspecified File Inclusion

June 28th, 2011

Application: Joomla!
Affected Version: versions prior to 2.0.9.
Vendor’s URL: Core Design Scriptegrator
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 2.0.9.

Content Management, File Inclusion

Joomla! Component Calc Builder “id” SQL Injection

June 28th, 2011

Application: Joomla!
Affected Version: version 0.0.1 and other versions.
Vendor’s URL: Component Calc Builder
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 0.0.2.

Content Management, SQL Injection

e107 “user_field” SQL Injection

June 28th, 2011

Application: e107
Affected Version: version 0.7.25 and other versions.
Vendor’s URL: e107
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla! Core Design Scriptegrator Plugin Two File Inclusion

June 28th, 2011

Application: Joomla!
Affected Version: version 1.5.5 and other versions.
Vendor’s URL: Core Design Scriptegrator Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.5.6.

Content Management, File Inclusion

Joomla! Minitek FAQ Book Component “id” SQL Injection

June 28th, 2011

Application: Joomla!
Affected Version: version 1.3 and other versions.
Vendor’s URL: Minitek FAQ Book Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

vBulletin YUI Component Library Unspecified

June 28th, 2011

Application: vBulletin
Affected Version: versions prior to 4.1.3 PL1 and vBulletin Forum Classic versions prior to 3.8.7 PL1 and 4.1.3 PL1.
Vendor’s URL: YUI Component Library
Bug Type: Unknown
Risk Level: Critical

Solution:
Update to vBulletin Publishing Suite version 4.1.3 PL1, or vBulletin Forum Classic version 3.8.7 PL1 or 4.1.3 PL1.

Discussion Boards

Joomla! Jms FileSeller Component “view” Local File Inclusion

June 28th, 2011

Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: Jms FileSeller Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management, File Inclusion

Joomla! Joomnik Gallery Component “album” SQL Injection

June 28th, 2011

Application: Joomla!
Affected Version: version 0.9 and other versions.
Vendor’s URL: Joomnik Gallery Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 0.9.1.

Content Management, SQL Injection

Joomla! jomEstate PRO Component “district” SQL Injection

June 28th, 2011

Application: Joomla!
Affected Version: version 1.3.6 and other versions.
Vendor’s URL: jomEstate PRO Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters or character sequences via a proxy.

Content Management, SQL Injection

Drupal Script Insertion and Security Bypass

June 28th, 2011

Application: Drupal
Affected Version: version 7.0.
Vendor’s URL: Drupal
Bug Type: Script Insertion and Security Bypass
Risk Level: Critical

Solution:
Update to version 7.1 or later.

Access Bypass, Content Management