Archive

Archive for August, 2011

Drupal Addresses Module Script Insertion

August 24th, 2011
Comments Off

Application: Drupal
Affected Version: versions prior to 6.x-1.10.
Vendor’s URL: Addresses Module
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 6.x-1.10.

Content Management

WordPress WP Symposium Plugin “uid” SQL Injection

August 24th, 2011
Comments Off

Application: WordPress
Affected Version: version 0.64 and prior versions.
Vendor’s URL: WP Symposium Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 11.8.18.

Blogs, SQL Injection

WordPress UnGallery Plugin “pic”, “zip”, and “movie” File Disclosure

August 24th, 2011
Comments Off

Application: WordPress
Affected Version: version 1.5.8 and prior versions.
Vendor’s URL: UnGallery Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 1.5.9.

Blogs, Information Disclosure

DV Cart “keyword” SQL Injection

August 24th, 2011
Comments Off

Application: DV Cart
Affected Version: -
Vendor’s URL: DV Cart
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters and character sequences using a proxy.

E-Commerce, SQL Injection

WordPress Global Content Blocks Plugin “gcb” SQL Injection

August 24th, 2011
Comments Off

Application: WordPress
Affected Version: version 1.2 and other versions.
Vendor’s URL: Global Content Blocks Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.3.

Blogs, SQL Injection

WordPress Menu Creator Plugin “menu_id” SQL Injection

August 24th, 2011
Comments Off

Application: WordPress
Affected Version: version 1.1.7 and other versions.
Vendor’s URL: Menu Creator Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Blogs, SQL Injection

WordPress File Groups Plugin “fgid” SQL Injection

August 24th, 2011
Comments Off

Application: WordPress
Affected Version: version 1.1.2 and prior versions.
Vendor’s URL: File Groups Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.1.3.

Blogs, SQL Injection

WordPress WP DS FAQ Plugin “id” SQL Injection

August 24th, 2011
Comments Off

Application: WordPress
Affected Version: version 1.3.2
Vendor’s URL: WP DS FAQ Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Blogs, SQL Injection

WordPress Odihost Newsletter Plugin “id” SQL Injection

August 24th, 2011
Comments Off

Application: WordPress
Affected Version: version 1.0 and other versions.
Vendor’s URL: Odihost Newsletter Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Blogs, SQL Injection

Joomla! RAXO All-mode PRO Module TimThumb Arbitrary File Upload

August 24th, 2011
Comments Off

Application: Joomla!
Affected Version:
Vendor’s URL: RAXO All-mode PRO Module TimThumb
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.5.0.

Content Management, File Inclusion

WordPress All in One Adsense and YPN Plugin Security Bypass

August 24th, 2011
Comments Off

Application: WordPress
Affected Version: version 2.01 and other versions.
Vendor’s URL: All in One Adsense and YPN Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Restrict access to the wp-content/plugins/all-in-one-adsense-and-ypn/all-in-one-adsense-and-ypn.php script (e.g. via .htaccess).

Access Bypass, Blogs

WordPress Link Library Plugin “id” Cross-Site Scripting and SQL Injection

August 24th, 2011
Comments Off

Application: WordPress
Affected Version: version 5.0.8 and other versions.
Vendor’s URL: Link Library Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Blogs, Cross Site Scripting, SQL Injection

Joomla! TNR ESearch Component “searchId” SQL Injection

August 24th, 2011
Comments Off

Application: Joomla!
Affected Version: version 3.0.0 and other versions.
Vendor’s URL: TNR ESearch Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

WordPress UPM Polls Plugin “qid” SQL Injection

August 24th, 2011
Comments Off

Application: WordPress
Affected Version: version 1.0.3 and prior versions.
Vendor’s URL: UPM Polls Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.0.4.

Blogs, SQL Injection

WordPress Media Library Categories Plugin “termid” SQL Injection

August 24th, 2011
Comments Off

Application: WordPress
Affected Version: version 1.0.6 and other versions.
Vendor’s URL: Media Library Categories Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Blogs, SQL Injection

Drupal Mail Logger Module Log Output Script Insertion

August 24th, 2011
Comments Off

Application: Drupal
Affected Version: versions prior to 6.x-1.1.
Vendor’s URL: Mail Logger Module
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 6.x-1.1.

Content Management, Cross Site Scripting

WordPress WP e-Commerce Plugin “cart_messages[]” Cross-Site Scripting

August 24th, 2011
Comments Off

Application: WordPress
Affected Version: version 3.8.6 and other versions.
Vendor’s URL: WP e-Commerce Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Blogs, Cross Site Scripting

TimThumb Domain Name Security Bypass and Insecure Cache Handling

August 24th, 2011
Comments Off

Application: TimThumb
Affected Version: versions prior to 1.34
Vendor’s URL: TimThumb
Bug Type: Security Bypass
Risk Level:

Solution:
Update to version 1.34.

Access Bypass

MyBB MyTabs Plugin “tab” SQL Injection

August 24th, 2011
Comments Off

Application: MyBB
Affected Version: version 1.31 and other versions.
Vendor’s URL: MyTabs Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Discussion Boards, SQL Injection

Drupal Taxonomy Filter Module Vocabulary Names Script Insertion

August 24th, 2011
Comments Off

Application: Drupal
Affected Version: version 6.x-1.3 and earlier.
Vendor’s URL: Taxonomy Filter Module
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 6.x-1.6.

Content Management, Cross Site Scripting