Archive

Archive for November, 2011

Joomla! Multiple NoNumber Extensions Local File Inclusion and PHP Code Execution

November 1st, 2011
Comments Off

Application: Joomla!
Affected Version:
* Add to Menu, versions prior to 1.8.1.
* AdminBar Docker, versions prior to 1.6.1.
* Advanced Module Manager, versions prior to 2.2.3.
* Articles Anywhere, versions prior to 1.13.1.
* Better Preview, versions prior to 1.10.1.
* Cache Cleaner, versions prior to 1.11.1.
* CDN, versions prior to 1.6.1.
* Content Templater, versions prior to 1.14.1.
* CustoMenu, versions prior to 2.8.1.
* DB Replacer, versions prior to 1.3.2.
* Modalizer, versions prior to 3.6.1.
* Modules Anywhere, versions prior to 1.13.1.
* NoNumber! Extension Manager, versions prior to 2.6.2.
* ReReplacer, versions prior to 2.17.2.
* Slider, versions prior to 1.7.1.
* Snippets, versions prior to 1.2.1.
* Sourcerer, versions prior to 2.11.1.
* Tabber, versions prior to 1.7.1.
* Timed Styles, versions prior to 1.4.1.
* Tooltips, versions prior to 1.1.1.
* What? Nothing!, versions prior to 6.2.1.
Vendor’s URL: Multiple NoNumber Extensions
Bug Type: File Inclusion and Code Execution
Risk Level: Critical

Solution:
Update to the respective latest version.

Content Management, File Inclusion, Remote Command Execution

WordPress Redirection Plugin “Referer” Header Script Insertion

November 1st, 2011
Comments Off

Application: WordPress
Affected Version: version 2.2.9 and prior versions.
Vendor’s URL: Redirection Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 2.2.10.

Blogs, Cross Site Scripting

WordPress YSlider Plugin “src” Arbitrary File Upload

November 1st, 2011
Comments Off

Application: WordPress
Affected Version: version 1.0 and prior versions.
Vendor’s URL: YSlider Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.1.

Blogs, File Inclusion

WordPress SmoothGallery Plugin “src” Arbitrary File Upload

November 1st, 2011
Comments Off

Application: WordPress
Affected Version: version 1.15.1 and prior versions
Vendor’s URL: SmoothGallery Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.15.2.

Blogs, File Inclusion

Joomla! Time Returns Component “id” SQL Injection

November 1st, 2011
Comments Off

Application: Joomla!
Affected Version: -
Vendor’s URL: Time Returns Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters and character sequences using a proxy.

Content Management, SQL Injection

WordPress Eventify Plugin “npath” File Inclusion

November 1st, 2011
Comments Off

Application: WordPress
Affected Version: version 1.7.g and prior versions.
Vendor’s URL: Eventify Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.7.h.

Content Management, File Inclusion

MyBB Compromised Source Packages Backdoor Security Issue

November 1st, 2011
Comments Off

Application: MyBB
Affected Version: versions 1.6.4 on October 6th, 2011 and prior.
Vendor’s URL: MyBB
Bug Type: Source Packages Backdoor
Risk Level: Critical

Solution:
Manually download and install the latest version.

Discussion Boards

WordPress User Avatar Plugin “src” Arbitrary File Upload

November 1st, 2011
Comments Off

Application: WordPress
Affected Version: versions prior to 1.4.
Vendor’s URL: User Avatar Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.4.

Content Management, File Inclusion

WordPress BackWPup Plugin “BackWPupJobTemp” File Inclusion

November 1st, 2011
Comments Off

Application: WordPress
Affected Version: version 2.1.5 and other versions.
Vendor’s URL: BackWPup Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

WordPress WordPress Users Plugin “uid” SQL Injection

November 1st, 2011
Comments Off

Application: WordPress
Affected Version: version 1.3 and prior versions.
Vendor’s URL: WordPress Users Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.4.

Content Management, SQL Injection

WordPress Contact Form Plugin “wpcf_easyform_formid” SQL Injection

November 1st, 2011
Comments Off

Application: WordPress
Affected Version: version 2.7.5 and other versions.
Vendor’s URL: Contact Form Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

WordPress teachPress Plugin “root” Two Local File Inclusion

November 1st, 2011
Comments Off

Application: WordPress
Affected Version: version 2.3.2 and prior versions.
Vendor’s URL: teachPress Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 2.3.3.

Content Management, File Inclusion

Drupal Certificate Login Module SQL Injection

November 1st, 2011
Comments Off

Application: Drupal
Affected Version: versions prior to 6.x-2.3.
Vendor’s URL: Certificate Login Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 6.x-2.3

Content Management, SQL Injection

WordPress Light Post Plugin “abspath” File Inclusion

November 1st, 2011
Comments Off

Application: WordPress
Affected Version: version 1.4 and prior versions.
Vendor’s URL: Light Post Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.5.

Content Management, File Inclusion

MyBB Advanced Forum Signatures Plugin Multiple SQL Injection

November 1st, 2011
Comments Off

Application: MyBB
Affected Version: version 2.0.4 and other version
Vendor’s URL: Advanced Forum Signatures Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Discussion Boards, SQL Injection

PrestaShop Presta2PhpList Module “list” SQL Injection

November 1st, 2011
Comments Off

Application: PrestaShop
Affected Version: version 1.5.
Vendor’s URL: Presta2PhpList Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

E-Commerce, SQL Injection