Archive for March, 2012

OneFileCMS User Redirection Security Bypass Security Issue

March 30th, 2012

Application: OneFileCMS
Affected Version: version 1.1.4 and prior versions.
Vendor’s URL: OneFileCMS
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 1.1.5.

Access Bypass, Content Management

OSClass combine.php File Manipulation Vulnerability

March 30th, 2012

Application: OSClass
Affected Version: version 2.3.5 and prior versions.
Vendor’s URL: OSClass
Bug Type: Manipulation of data
Risk Level: Critical

Solution:
Update to version 2.3.6.

Uncategorized

Joomla! Cross-Site Scripting and SQL Injection Vulnerabilities

March 30th, 2012

Application: Joomla!
Affected Version: versions 2.5.0 and 2.5.1 and prior versions
Vendor’s URL: Joomla!
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 2.5.2.

Content Management, Cross Site Scripting, SQL Injection

WordPress Formidable Pro Plugin Unspecified Vulnerabilities

March 30th, 2012

Application: WordPress
Affected Version: versions prior to 1.6.3.
Vendor’s URL: Formidable Pro Plugin
Bug Type: -
Risk Level: Critical

Solution:
Update to version 1.6.3.

Content Management

WordPress Video Embed & Thumbnail Generator Plugin Code Execution Vulnerabilities

March 30th, 2012

Application: WordPress
Affected Version: version 1.1 and other versions.
Vendor’s URL: Video Embed & Thumbnail Generator Plugin
Bug Type: Code Execution
Risk Level: Critical

Solution:
Upgrade to version 2.0.

Content Management, Remote Command Execution

Joomla! Two Security Bypass Vulnerabilities

March 30th, 2012

Application: Joomla!
Affected Version: versions 2.5.0 through 2.5.2.
Vendor’s URL: Joomla!
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 2.5.3.

Access Bypass, Content Management

Drupal CKEditor / FCKeditor Modules Cross Site Scripting and Code Execution Vulnerabilities

March 30th, 2012

Application: Drupal
Affected Version:
* FCKeditor module versions 6.x-2.x prior to 6.x-2.3.
* CKEditor module versions 6.x-1.x prior to 6.x-1.9.
* CKEditor module versions 7.x-1.x prior to 7.x-1.7.
Vendor’s URL: CKEditor / FCKeditor Modules
Bug Type: Cross Site Scripting and Code Execution
Risk Level: Critical

Solution:
Update to a fixed version.

Content Management, Cross Site Scripting, Remote Command Execution

Drupal Slidebox Module Security Bypass Vulnerability

March 30th, 2012

Application: Drupal
Affected Version: versions 7.x-1.0 through 7.x-1.3.
Vendor’s URL: Slidebox Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 7.x-1.4.

Access Bypass, Content Management

WordPress BuddyPress Plugin “exclude” SQL Injection

March 30th, 2012

Application: WordPress
Affected Version: version 1.5.4
Vendor’s URL: BuddyPress Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
version 1.5.4

Content Management, SQL Injection

WordPress Image News slider Plugin Unspecified Vulnerabilities

March 30th, 2012

Application: WordPress
Affected Version: versions prior to 3.2.
Vendor’s URL: Image News slider Plugin
Bug Type:
Risk Level: Critical

Solution:
Update to version 3.2.

Content Management

WordPress Blaze Slideshow Plugin Unspecified Vulnerabilities

March 30th, 2012

Application: WordPress
Affected Version: versions prior to 2.2.
Vendor’s URL: Blaze Slideshow Plugin
Bug Type:
Risk Level: Critical

Solution:
Update to version 2.2.

Content Management