Archive for October, 2012

WordPress GRAND FlAGallery Plugin Multiple Vulnerabilities

October 30th, 2012

Application: WordPress
Affected Version: version 2.00 and other versions.
Vendor’s URL: GRAND FlAGallery Plugin
Bug Type: SQL Injection, System Access
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management, SQL Injection

Tiki Wiki CMS/Groupware “unserialize()” PHP Code Execution

October 30th, 2012

Application: Tiki Wiki CMS/Groupware
Affected Version: versions prior to 6.8 and 9.2.
Vendor’s URL: Tiki Wiki CMS/Groupware
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to version 6.8 or 9.2.

Content Management, Remote Command Execution

WordPress Poll Plugin Multiple SQL Injection

October 30th, 2012

Application: WordPress
Affected Version: version 33.5 and prior versions.
Vendor’s URL: Poll Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 33.6.

Content Management, SQL Injection

WordPress FireStorm Professional Real Estate Plugin SQL Injection

October 30th, 2012

Application: WordPress
Affected Version: version 2.05.01 and other versions.
Vendor’s URL: FireStorm Professional Real Estate Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.06.03.

Content Management, SQL Injection

Joomla! Commedia Component “id” SQL Injection

October 30th, 2012

Application: Joomla!
Affected Version: version 3.1 and prior versions.
Vendor’s URL: Commedia Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 3.2.

Content Management, SQL Injection

WordPress Cimy User Manager Plugin “cimy_um_filename” Arbitrary File Disclosure

October 30th, 2012

Application: WordPress
Affected Version: version 1.4.2 and other versions.
Vendor’s URL: Cimy User Manager Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Information Disclosure

WordPress UnGallery Plugin “search” Arbitrary Command Execution

October 30th, 2012

Application: WordPress
Affected Version: version 2.1.5 and other versions.
Vendor’s URL: UnGallery Plugin
Bug Type: System Access
Risk Level: Critical

Solution:
Update to version 2.1.6 or later.

Access Bypass, Content Management

Magento Unirgy uStoreLocator Extension SQL Injection

October 30th, 2012

Application: Magento
Affected Version: versions 2.0.0 and prior.
Vendor’s URL: Unirgy uStoreLocator Extension
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.0.1 or later.

E-Commerce, SQL Injection

Joomla! Freestyle Support Component “prodid” SQL Injection

October 30th, 2012

Application: Joomla!
Affected Version: version 1.9.1.1400 and other versions.
Vendor’s URL: Freestyle Support Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.9.2.1484.

Content Management, SQL Injection

WordPress Download Shortcode Plugin “file” Arbitrary File Disclosure

October 30th, 2012

Application: WordPress
Affected Version: version 0.1.
Vendor’s URL: Download Shortcode Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 0.2.1.

Content Management, Information Disclosure

PBBoard “PowerBB_username” Cookie SQL Injection

October 30th, 2012

Application: PBBoard
Affected Version: version 3.0 and other versions.
Vendor’s URL: PBBoard
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Discussion Boards, SQL Injection

WordPress Crayon Syntax Highlighter Plugin “wp_load” Remote File Inclusion Vulnerability

October 30th, 2012

Application: WordPress
Affected Version: version 1.12.1 and prior versions.
Vendor’s URL: Crayon Syntax Highlighter Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.13.

Content Management, File Inclusion

WordPress eShop Magic Plugin “file” Arbitrary File Disclosure Vulnerability

October 30th, 2012

Application: WordPress
Affected Version: version 0.1.
Vendor’s URL: eShop Magic Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 0.2.

Content Management, Information Disclosure

Drupal Basic webmail Module Multiple Vulnerabilities

October 30th, 2012

Application: Drupal
Affected Version: 6.x-1.x versions prior to 6.x-1.2.
Vendor’s URL: Basic webmail Module
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 6.x-1.2.

Content Management, Cross Site Scripting

Joomla! AceFTP Component Unspecified Directory Traversal Vulnerability

October 30th, 2012

Application: Joomla!
Affected Version: version 1.0.2 and prior versions.
Vendor’s URL: AceFTP Component
Bug Type: Directory Traversal
Risk Level: Critical

Solution:
Upgrade to version 2.0.0.

Content Management

WordPress Pinterest “Pin It” Button Lite Plugin Multiple Unspecified Vulnerabilities

October 30th, 2012

Application: WordPress
Affected Version: versions prior to 1.4.0.
Vendor’s URL: Pinterest “Pin It” Button Lite Plugin
Bug Type: -
Risk Level: Critical

Solution:
Update to version 1.4.0.

Content Management

WordPress Spider Calendar Plugin Cross-Site Scripting and SQL Injection

October 30th, 2012

Application: WordPress
Affected Version: version 1.0.1 and other versions.
Vendor’s URL: Spider Calendar Plugin
Bug Type: #1 Cross Site Scripting and #2 SQL Injection
Risk Level: Critical

Solution:
Update to version 1.1.0, which fixes vulnerability #2. No official solution is currently available for vulnerability #1.

Content Management, Cross Site Scripting, SQL Injection

Joomla! MijoFTP Component Unspecified Vulnerability

October 30th, 2012

Application: Joomla!
Affected Version: versions prior to 1.1.0.
Vendor’s URL: MijoFTP Component
Bug Type: System Access
Risk Level: Critical

Solution:
Update to version 1.1.0.

Access Bypass, Content Management