Archive for September, 2012

WordPress CSS Plus Plugin Unspecified Vulnerabilities

September 30th, 2012

Application: WordPress
Affected Version: versions prior to 1.3.2.
Vendor’s URL: CSS Plus Plugin
Bug Type: -
Risk Level: Critical

Solution:
Update to version 1.3.2.

Content Management

Drupal PRH Search Module Script Insertion

September 30th, 2012

Application: Drupal
Affected Version: versions prior to 7.x-1.1.
Vendor’s URL: PRH Search Module
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 7.x-1.1.

Content Management, Cross Site Scripting

WordPress Answer My Question Plugin “user_name” and “subject” Script Insertion

September 30th, 2012

Application: WordPress
Affected Version: versions prior to 1.2.
Vendor’s URL: Answer My Question Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 1.2.

Content Management, Cross Site Scripting

Drupal PDFThumb Module Command Injection

September 30th, 2012

Application: Drupal
Affected Version: versions prior to 7.x-1.1.
Vendor’s URL: PDFThumb Module
Bug Type: System Access
Risk Level: Critical

Solution:
Update to version 7.x-1.1.

Access Bypass, Content Management

WordPress Mac Photo Gallery Plugin Two Security Bypass Vulnerabilities

September 30th, 2012

Application: WordPress
Affected Version: version 2.10 and other versions.
Vendor’s URL: Mac Photo Gallery Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Upgrade to a fixed version (please contact the vendor for details).

Access Bypass, Content Management

Joomla! iCagenda Component “id” SQL Injection Vulnerability

September 30th, 2012

Application: Joomla!
Affected Version: version 1.2.2 and other versions.
Vendor’s URL: iCagenda Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
The vendor has released a fix; however, the fix is ineffective. No official solution is currently available.

Content Management, SQL Injection

MediaWiki Multiple Vulnerabilities

September 30th, 2012

Application: MediaWiki
Affected Version: versions prior to 1.18.5 and prior to 1.19.2.
Vendor’s URL: MediaWiki
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 1.18.5 or 1.19.2, and apply the vendor workaround if only external authentication is used (please see the vendor’s advisory for details).

Content Management, Cross Site Scripting

WordPress Carousel Slideshow Plugin Unspecified Vulnerabilities

September 30th, 2012

Application: WordPress
Affected Version: versions prior to 3.10.
Vendor’s URL: Carousel Slideshow Plugin
Bug Type: -
Risk Level: Critical

Solution:
Update to version 3.10.

Content Management