Archive for August, 2012

WordPress Image News slider Plugin Unspecified Vulnerabilities

August 30th, 2012

Application: WordPress
Affected Version: versions prior to 3.4.
Vendor’s URL: Image News slider Plugin
Bug Type: -
Risk Level: Critical

Solution:
Update to version 3.4.

Content Management

WordPress Count Per Day Plugin “note” Script Insertion

August 30th, 2012

Application: WordPress
Affected Version: version 3.2.3 and other versions.
Vendor’s URL: Count Per Day Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

Joomla! Komento Component RSS Feed “cid” SQL Injection

August 30th, 2012

Application: Joomla!
Affected Version: version 1.0.2769 free edition and other versions.
Vendor’s URL: Komento Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.0.2771.

Content Management, SQL Injection

WordPress Zingiri Web Shop Plugin Cookie SQL Injection

August 30th, 2012

Application: WordPress
Affected Version: version 2.4.7 and prior versions.
Vendor’s URL: Zingiri Web Shop Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.4.8.

Content Management, SQL Injection

WordPress RSVPMaker RSVP Report Script Insertion

August 30th, 2012

Application: WordPress
Affected Version: versions prior to 2.5.5.
Vendor’s URL: RSVPMaker RSVP Report
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 2.5.5.

Content Management, Cross Site Scripting

WordPress Mz-jajak Plugin “id” SQL Injection

August 30th, 2012

Application: WordPress
Affected Version: version 2.1 and other versions.
Vendor’s URL: Mz-jajak Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

WordPress SimpleMail Plugin Email Fields Script Insertion

August 30th, 2012

Application: WordPress
Affected Version: version 1.0.6 and other versions.
Vendor’s URL: SimpleMail Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

WordPress Postie Plugin Email Script Insertion

August 30th, 2012

Application: WordPress
Affected Version: version 1.4.4 and other versions.
Vendor’s URL: Postie Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
The vendor has released a fix; however, the fix is ineffective. No official solution is currently available.

Content Management, Cross Site Scripting

Joomla! En Masse Component Remote File Inclusion

August 30th, 2012

Application: Joomla!
Affected Version: versions prior to 3.1.3.
Vendor’s URL: En Masse Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 3.1.3.

Content Management, File Inclusion

Joomla! En Masse Component “sortBy” SQL Injection

August 30th, 2012

Application: Joomla!
Affected Version: version 3.0.3 and other versions.
Vendor’s URL: En Masse Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

WordPress Vitamin Plugin Two Arbitrary File Disclosure

August 30th, 2012

Application: WordPress
Affected Version: version 1.0.
Vendor’s URL: Vitamin Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management, Information Disclosure

WordPress WP Lead Management Plugin Script Insertion

August 30th, 2012

Application: WordPress
Affected Version: version 3.0.0 and other versions.
Vendor’s URL: WP Lead Management Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

WordPress Featured Post with thumbnail Plugin Unspecified timthumb Vulnerability

August 30th, 2012

Application: WordPress
Affected Version: versions prior to 1.5.
Vendor’s URL: Featured Post with thumbnail Plugin
Bug Type: Unspecified
Risk Level: Critical

Solution:
Update to version 1.5.

Content Management

Joomla! Joomgalaxy Component “catid” SQL Injection

August 30th, 2012

Application: Joomla!
Affected Version: version 1.2.0.4 and other versions.
Vendor’s URL: Joomgalaxy Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

Drupal Monthly Archive by Node Type Module Node Access Security Bypass

August 30th, 2012

Application: Drupal
Affected Version: all 6.x versions.
Vendor’s URL: Monthly Archive by Node Type Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management

Joomla! Movm Component “id” SQL Injection

August 30th, 2012

Application: Joomla!
Affected Version: SQL Injection
Vendor’s URL: Movm Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

WordPress Cloudsafe365 Plugin Multiple Vulnerabilities

August 30th, 2012

Application: WordPress
Affected Version: version 1.46 and prior versions.
Vendor’s URL: Cloudsafe365 Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 1.47.

Content Management, Cross Site Scripting