Archive for November, 2012

Joomla! jNews Component Open Flash Chart Arbitrary File Creation

November 26th, 2012

Application: Joomla!
Affected Version: versions prior to 7.9.1.
Vendor’s URL: jNews Component Open Flash Chart
Bug Type: System Bypass
Risk Level: Critical

Solution:
Update to version 7.9.1.

Access Bypass, Content Management

WordPress vTiger CRM Lead Capture Plugin Unspecified Vulnerability

November 26th, 2012

Application: WordPress
Affected Version: version 1.0
Vendor’s URL: vTiger CRM Lead Capture Plugin
Bug Type:
Risk Level: Critical

Solution:
Update to version 1.1.0.

Content Management

DotNetNuke Multiple Vulnerabilities

November 26th, 2012

Application: DotNetNuke
Affected Version: versions prior to 6.2.5.
Vendor’s URL: DotNetNuke
Bug Type: Security Bypass, Cross Site Scripting
Risk Level:

Solution:
Update to version 6.2.5.

Access Bypass, Content Management, Cross Site Scripting

Drupal User Read-Only Module Security Bypass

November 26th, 2012

Application: Drupal
Affected Version: 6.x-1.x versions prior to 6.x-1.4 and 7.x-1.x versions prior to 7.x-1.4.
Vendor’s URL: User Read-Only Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to a fixed version.

Access Bypass, Content Management

WordPress Advanced Custom Fields Plugin “acf_abspath” Remote File Inclusion

November 26th, 2012

Application: WordPress
Affected Version: version 3.5.1 and prior versions.
Vendor’s URL: Advanced Custom Fields Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 3.5.2.

Content Management, File Inclusion

Moodle Multiple Vulnerabilities

November 26th, 2012

Application: Moodle
Affected Version: versions prior to 2.3.3, 2.2.6, and 2.1.9.
Vendor’s URL: Moodle
Bug Type: Security Bypass, Cross Site Scripting, SQL Injection
Risk Level: Critical

Solution:
Update to version 2.3.3, 2.2.6, or 2.1.9.

Access Bypass, Content Management, Cross Site Scripting, SQL Injection

WordPress WP-Filebase Plugin Unspecified Vulnerabilities

November 26th, 2012

Application: WordPress
Affected Version: version 0.2.9.24 and prior versions.
Vendor’s URL: WP-Filebase Plugin
Bug Type: -
Risk Level: Critical

Solution:
Update to version 0.2.9.25.

Content Management

Eventy Cross-Site Scripting and SQL Injection

November 26th, 2012

Application: Eventy
Affected Version: version 1.8 and other versions.
Vendor’s URL: Eventy
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting, SQL Injection

PrestaShop “message” Script Insertion

November 26th, 2012

Application: PrestaShop
Affected Version: version 1.5.1 and prior versions.
Vendor’s URL: PrestaShop
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 1.5.2.

Cross Site Scripting, E-Commerce

WordPress Hitasoft FLV Player Plugin “id” SQL Injection

November 26th, 2012

Application: WordPress
Affected Version: version 1.1 and other versions.
Vendor’s URL: Hitasoft FLV Player Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

WordPress AJAX Post Search Plugin SQL Injection

November 26th, 2012

Application: WordPress
Affected Version: version 1.1 and other versions.
Vendor’s URL: AJAX Post Search Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.3.

Content Management, SQL Injection

WordPress All Video Gallery Plugin Multiple SQL Injection Vulnerabilities

November 26th, 2012

Application: WordPress
Affected Version: version 1.1 published prior to 2012-11-02 and prior versions.
Vendor’s URL: All Video Gallery Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.1 published after 2012-11-01.

Content Management, SQL Injection

WordPress Spider Catalog Plugin Two Script Insertion Vulnerabilities

November 26th, 2012

Application: WordPress
Affected Version: version 1.1 and other versions.
Vendor’s URL: Spider Catalog Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

MyBB Follower User Plugin “usid” SQL Injection

November 26th, 2012

Application: MyBB
Affected Version: version 1.5 and other versions.
Vendor’s URL: Follower User Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Discussion Boards, SQL Injection

Joomla! Spider Catalog Component “product_id” SQL Injection

November 26th, 2012

Application: Joomla!
Affected Version: version 1.1 and other versions.
Vendor’s URL: Spider Catalog Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

Plone Multiple Vulnerabilities

November 26th, 2012

Application: Plone
Affected Version: Plone 2.x, 3.x, 4.x.
Vendor’s URL: Plone
Bug Type: Security Bypass, Cross Site Scripting, DOS, Brute force, System Access
Risk Level: Critical

Solution:
Apply patches.

Access Bypass, Content Management, Cross Site Scripting, Denial Of Service