Archive for July, 2011

Joomla! AlphaRegistration Component “email” SQL Injection

July 26th, 2011

Application: Joomla!
Affected Version: version 2.0.13 and other versions.
Vendor’s URL: AlphaRegistration Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla! Simple Page Options Module “spo_site_lang” Local File Inclusion

July 26th, 2011

Application: Joomla!
Affected Version: version 1.5.16 and other versions.
Vendor’s URL: Simple Page Options Module
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

WordPress WP e-Commerce Plugin “collected_data[]” SQL Injection

July 26th, 2011

Application: WordPress
Affected Version: version 3.8.4 and prior versions.
Vendor’s URL: WP e-Commerce Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 3.8.5.

Content Management, SQL Injection

vBulletin Search UI Unspecified SQL Injection

July 26th, 2011

Application: vBulletin
Affected Version: 4.1.4pl2 and prior versions.
Vendor’s URL: vBulletin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to a fixed version.

Discussion Boards, SQL Injection

WordPress bSuite Plugin Two Script Insertion

July 26th, 2011

Application: WordPress
Affected Version: version 4.0.7 and other versions
Vendor’s URL: bSuite Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting

Joomla! AvReloaded Component “divid” SQL Injection

July 26th, 2011

Application: Joomla!
Affected Version: versions prior to 1.2.7.
Vendor’s URL: AvReloaded Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.2.7.

Content Management, SQL Injection

Joomla! Sobi2 Component Multiple SQL Injection

July 26th, 2011

Application: Joomla!
Affected Version: version 2.9.3.2 and prior versions.
Vendor’s URL: Sobi2 Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.9.4.

Content Management, SQL Injection

Joomla! Fabrik Component Unspecified SQL Injection

July 26th, 2011

Application: Joomla!
Affected Version: versions prior to 2.1.
Vendor’s URL: Fabrik Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.1.

Content Management, SQL Injection

Joomla! Xmap Component “view” SQL Injection

July 26th, 2011

Application: Joomla!
Affected Version: version 1.2.11
Vendor’s URL: Xmap Component
Bug Type: SQL Injection
Risk Level: SQL Injection

Solution:
Update to version 1.2.12.

Content Management, SQL Injection

Drupal Node Access Security Bypass

July 26th, 2011

Application: Drupal
Affected Version: versions 7.0, 7.1, and 7.2.
Vendor’s URL: Drupal
Bug Type: Security Bypass
Risk Level: Security Bypass

Solution:
Update to a fixed version.

Access Bypass, Content Management

Joomla! Newsletter Subscriber Plugin “name” and “email” Cross-Site Scripting

July 26th, 2011

Application: Joomla!
Affected Version: version 1.3 for Joomla! 1.5 and confirmed in version 1.2 for Joomla! 1.6.
Vendor’s URL: Newsletter Subscriber Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 1.3 for Joomla! 1.5 (released June 28th, 2011) or version 1.2 for Joomla! 1.6 (released June 29th, 2011).

Content Management, Cross Site Scripting

WordPress Unauthorized Access and SQL Injection

July 26th, 2011

Application: WordPress
Affected Version: versions 3.1.3 and prior
Vendor’s URL: WordPress
Bug Type: Unauthorized Access and SQL Injection
Risk Level: Critical

Solution:
Update to version 3.1.4.

Access Bypass, Content Management, SQL Injection