Archive for April, 2012

WordPress Nmedia Users File Uploader Plugin Multiple Vulnerabilities

April 30th, 2012

Application: WordPress
Affected Version: versions prior to 1.8.
Vendor’s URL: Nmedia Users File Uploader Plugin
Bug Type: Arbitrary File Upload
Risk Level: Critical

Solution:
Update to version 1.8.

Content Management, File Inclusion

WordPress WP Marketplace Plugin File Enumeration Weakness and File Upload Vulnerability

April 30th, 2012

Application: WordPress
Affected Version: version 1.2.1 and prior versions.
Vendor’s URL: WP Marketplace Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.2.2.

Content Management, File Inclusion

Gajim SQL and Command Injection Vulnerabilities

April 30th, 2012

Application: Gajim
Affected Version: versions prior to 0.15.
Vendor’s URL: Gajim
Bug Type: SQL and Command Injection
Risk Level: Critical

Solution:
Update to version 0.15.

Remote Command Execution, SQL Injection

OpenCart Two Vulnerabilities

April 30th, 2012

Application: OpenCart
Affected Version: version 1.5.2.1 (other versions may also be affected).
Vendor’s URL: OpenCart
Bug Type: Arbitrary Code Execution
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified, and restrict direct access to the download folder (e.g. via .htaccess).

E-Commerce, Remote Command Execution

vBulletin Two Script Insertion Vulnerabilities

April 30th, 2012

Application: vBulletin
Affected Version: versions 4.1.4 through 4.1.11.
Vendor’s URL: vBulletin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Install the vendor patch; consult the developers for details.

Cross Site Scripting, Discussion Boards

e-ticketing “user_name” and “password” SQL Injection

April 30th, 2012

Application: e-ticketing
Affected Version: the version downloaded on 2012-04-05; other versions may also be affected.
Vendor’s URL: e-ticketing
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.
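
As an added illustration of that fix (this is example code, not the e-ticketing source, whose code is not shown on this page), the snippet below builds a login check two ways against an in-memory SQLite table: once by splicing user_name and password into the query text, which a quote in either parameter turns into SQL, and once with bound parameters. The table and column names (users, user_name, password) are assumed from the advisory's parameter names, and the single plaintext account is a constructed fixture.

```python
import sqlite3

# Constructed fixture for the demo: one account in an in-memory SQLite table.
# The table/column names are assumed from the advisory's "user_name" and
# "password" parameter names; the plaintext password only keeps the example
# short (a real application stores a password hash).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, user_name TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO users (user_name, password) VALUES ('admin', 'S3cret!')"
    )
    conn.commit()
    return conn


def build_vulnerable_sql(user_name, password):
    """Splices request parameters straight into the SQL text (the bug class)."""
    return (
        "SELECT id FROM users WHERE user_name = '" + user_name
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(conn, user_name, password):
    """Returns True if the concatenated query matches any row.

    A single quote in either parameter ends the string literal, so the rest
    of the input is parsed as SQL: user_name "admin'--" comments out the
    password check, and password "' OR '1'='1" makes the WHERE clause true.
    """
    row = conn.execute(build_vulnerable_sql(user_name, password)).fetchone()
    return row is not None


def login_fixed(conn, user_name, password):
    """Same check with bound parameters.

    The SQL text is constant; the driver passes the values separately, so a
    quote in the input is just a character to compare, never SQL syntax.
    """
    row = conn.execute(
        "SELECT id FROM users WHERE user_name = ? AND password = ?",
        (user_name, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    attempts = [("admin", "S3cret!"), ("admin'--", "x"), ("nobody", "' OR '1'='1")]
    for user, pw in attempts:
        print(repr(user), repr(pw),
              "vulnerable:", login_vulnerable(db, user, pw),
              "fixed:", login_fixed(db, user, pw))
```

The same pattern applies in PHP, the language most of the applications on this page are written in: PDO prepared statements or mysqli bind_param() rather than escaping functions such as addslashes(), which can be bypassed depending on charset and quoting context. Note that parameterisation closes the injection only; storing the password as a hash is a separate fix.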

Customer Relationship, SQL Injection

WordPress Another WordPress Classifieds Plugin Unspecified Image Upload Vulnerability

April 30th, 2012

Application: WordPress
Affected Version: versions prior to 2.0.
Vendor’s URL: Another WordPress Classifieds Plugin
Bug Type: Image Upload (details unspecified)
Risk Level: Critical

Solution:
Upgrade to version 2.0.

Content Management

Drupal Ubercart Module Script Insertion and Code Injection Vulnerabilities

April 30th, 2012

Application: Drupal
Affected Version: Ubercart 6.x-2.x versions prior to 6.x-2.8 and Ubercart 7.x-3.x versions prior to 7.x-3.1.
Vendor’s URL: Ubercart Module
Bug Type: Cross Site Scripting and Code Injection
Risk Level: Critical

Solution:
Update to version 6.x-2.8 or 7.x-3.1.

Content Management, Cross Site Scripting, Remote Command Execution

Drupal Linkit Module Information Disclosure Security Issue

April 30th, 2012

Application: Drupal
Affected Version: versions prior to 7.x-2.2.
Vendor’s URL: Linkit Module
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Update to version 7.x-2.3.

Content Management, Information Disclosure

Joomla! NinjaXplorer Component Unspecified Vulnerability

April 30th, 2012

Application: Joomla!
Affected Version: versions prior to 1.0.7.
Vendor’s URL: NinjaXplorer Component
Bug Type: Unspecified
Risk Level: Critical

Solution:
Update to version 1.0.7.

Content Management

Joomla! ccNewsletter Component “id” SQL Injection

April 30th, 2012

Application: Joomla!
Affected Version: version 1.0.9 and prior versions.
Vendor’s URL: ccNewsletter Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.0.10 or later.

Content Management, SQL Injection

WordPress Zingiri Web Shop Plugin Multiple Unspecified Vulnerabilities

April 30th, 2012

Application: WordPress
Affected Version: versions prior to 2.4.0.
Vendor’s URL: Zingiri Web Shop Plugin
Bug Type: Unspecified (multiple)
Risk Level: Critical

Solution:
Update to version 2.4.0.

Content Management