Archive

Archive for February, 2012

WordPress WP-RecentComments Plugin “id” SQL Injection

February 26th, 2012
Comments Off

Application: WordPress
Affected Version: version 2.0.7 and other versions.
Vendor’s URL: WP-RecentComments Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Drupal Security Issue and Security Bypass

February 26th, 2012
Comments Off

Application: Drupal
Affected Version: versions prior to 6.23 and versions prior to 7.11.
Vendor’s URL: Drupal
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to the latest version.

Access Bypass, Content Management

WordPress Magn Drag and Drop Upload Plugin Arbitrary File Upload

February 26th, 2012
Comments Off

Application: WordPress
Affected Version: version 1.1.4 and prior versions.
Vendor’s URL: Magn Drag and Drop Upload Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.2.0.

Content Management, File Inclusion

Joomla! DT Register Component “list1″ SQL Injection

February 26th, 2012
Comments Off

Application: Joomla!
Affected Version: version 2.7.13a and other versions.
Vendor’s URL: DT Register Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters and character sequences using a proxy.

Content Management, SQL Injection

WordPress SB Uploader Plugin Arbitrary File Upload

February 26th, 2012
Comments Off

Application: WordPress
Affected Version: version 3.2 and other versions.
Vendor’s URL: SB Uploader Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

WordPress Absolute Privacy Plugin Security Bypass

February 26th, 2012
Comments Off

Application: WordPress
Affected Version: version 2.0.5 and other versions.
Vendor’s URL: Absolute Privacy Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Access Bypass, Content Management

Drupal Faster Permissions Module Security Bypass

February 26th, 2012
Comments Off

Application: Drupal
Affected Version: versions prior to 7.x-1.2.
Vendor’s URL: Faster Permissions Module
Bug Type: Security Bypass
Risk Level:

Solution:
Update to version 7.x-1.2.

Access Bypass, Content Management

WordPress Relocate Upload Plugin “abspath” File Inclusion

February 26th, 2012
Comments Off

Application: WordPress
Affected Version: version 0.14 and prior versions.
Vendor’s URL: Relocate Upload Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 0.20.

Content Management, File Inclusion

Drupal Finder Module Multiple Vulnerabilities

February 26th, 2012
Comments Off

Application: Drupal
Affected Version: versions 7.x-1.6 and prior.
Vendor’s URL: Finder Module
Bug Type: Cross Site Scripting and system bypass
Risk Level: Critical

Solution:
The script insertion vulnerabilities are fixed in version 7.x-2.0-alpha8. Edit the source code to ensure that input is properly sanitised.

Access Bypass, Content Management, Cross Site Scripting

ImpressCMS Multiple Vulnerabilities

February 1st, 2012
Comments Off

Application: ImpressCMS
Affected Version: version 1.3 Final and prior versions.
Vendor’s URL: ImpressCMS
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 1.2.7 Final or 1.3.1 Final.

Content Management, Cross Site Scripting

Joomla! Simple File Upload Module Arbitrary File Upload

February 1st, 2012
Comments Off

Application: Joomla!
Affected Version: version 1.3.5 and other versions.
Vendor’s URL: Simple File Upload Module
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the upload folder (e.g. via .htaccess).

Content Management, File Inclusion

Joomla! JE Story Submit Component File Upload

February 1st, 2012
Comments Off

Application: Joomla!
Affected Version: version 1.9.3 and other versions.
Vendor’s URL: JE Story Submit Component
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the upload folder (e.g. via .htaccess).

Content Management, File Inclusion

WordPress Kish Guest Posting Plugin Arbitrary File Upload

February 1st, 2012
Comments Off

Application: WordPress
Affected Version: version 1.2 and other versions.
Vendor’s URL: Kish Guest Posting Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to wp-content/plugins/kish-guest-posting/uploadify/scripts/uploadify.php (e.g. via .htaccess).

Content Management, File Inclusion

WordPress Theme Tuner Plugin “tt-abspath” File Inclusion

February 1st, 2012
Comments Off

Application: WordPress
Affected Version: version 0.7 and other versions
Vendor’s URL: Theme Tuner Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 0.8.

Content Management, File Inclusion

WordPress AllWebMenus Plugin Arbitrary File Upload

February 1st, 2012
Comments Off

Application: WordPress
Affected Version: version 1.1.8 and prior versions.
Vendor’s URL: AllWebMenus Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.1.9.

Content Management, File Inclusion

WordPress WP e-Commerce Unspecified SQL Injection

February 1st, 2012
Comments Off

Application: WordPress
Affected Version: versions prior to 3.8.7.6.
Vendor’s URL: WP e-Commerce
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 3.8.7.6.

Content Management, SQL Injection

WordPress uCan Post Plugin Two Script Insertion

February 1st, 2012
Comments Off

Application: WordPress
Affected Version: version 1.0.09 and other versions.
Vendor’s URL: uCan Post Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting

WordPress NextGEN Gallery Plugin “paged” Input Sanitisation

February 1st, 2012
Comments Off

Application: WordPress
Affected Version: versions prior to 1.9.1.
Vendor’s URL: NextGEN Gallery Plugin
Bug Type: Input Sanitisation
Risk Level: Critical

Solution:
Update to version 1.9.1.

Content Management

WordPress myEASYbackup Plugin “dwn_file” File Disclosure

February 1st, 2012
Comments Off

Application: WordPress
Affected Version: version 1.0.8.1 and other versions.
Vendor’s URL: myEASYbackup Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 1.0.9.

Content Management, Information Disclosure

phpMyDirectory “id” SQL Injection

February 1st, 2012
Comments Off

Application: phpMyDirectory
Affected Version: version 1.3.3 and other versions.
Vendor’s URL: phpMyDirectory
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters and character sequences using a proxy.

General Purpose Directories, SQL Injection