Archive for December, 2012

MyBB Transactions Plugin “transaction” SQL Injection

December 24th, 2012

Application: MyBB
Affected Version: version 2.0 and other versions.
Vendor’s URL: Transactions Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

Joomla! Virtuemart 2 Multiple Customfields Filter Module Unspecified Vulnerability

December 24th, 2012

Application: Joomla!
Affected Version: versions prior to 1.6.6.
Vendor’s URL: Virtuemart 2 Multiple Customfields Filter Module
Bug Type: -
Risk Level: Critical

Solution:
Update to version 1.6.6.

Content Management

MyBB DyMy User Agent Plugin “User-Agent” SQL Injection

December 24th, 2012

Application: MyBB
Affected Version: version 0.1.3 and other versions.
Vendor’s URL: DyMy User Agent Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Discussion Boards, SQL Injection

MyBB MyYoutube Plugin Script Insertion and SQL Injection

December 24th, 2012

Application: MyBB
Affected Version: version 1.0 and other versions.
Vendor’s URL: MyYoutube Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Cross Site Scripting, Discussion Boards, SQL Injection

MyBB Facebook profile link on Postbit Plugin Script Insertion

December 24th, 2012

Application: MyBB
Affected Version: version 2.4
Vendor’s URL: Facebook profile link on Postbit Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

WordPress Portable phpMyAdmin Plugin Security Bypass

December 24th, 2012

Application: WordPress
Affected Version: versions prior to 1.3.1.
Vendor’s URL: Portable phpMyAdmin Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 1.3.1.

Access Bypass, Content Management

WordPress Floating Social Media Links Plugin “wpp” Remote File Inclusion

December 24th, 2012

Application: WordPress
Affected Version: version 1.4.2 and prior versions.
Vendor’s URL: Floating Social Media Links Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.4.3.

Content Management, File Inclusion

Joomla! JooProperty Component Cross-Site Scripting and SQL Injection

December 24th, 2012

Application: Joomla!
Affected Version: version 1.13.0 and other versions.
Vendor’s URL: JooProperty Component
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level:

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting, SQL Injection

JSUpload “writeItemContent()” Arbitrary File Disclosure Vulnerability

December 24th, 2012

Application: JSUpload
Affected Version: versions prior to 0.6.5.
Vendor’s URL: JSUpload
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 0.6.5.

Information Disclosure

MediaWiki Two Vulnerabilities

December 24th, 2012

Application: MediaWiki
Affected Version: versions prior to 1.18.6, 1.19.3, and 1.20.1.
Vendor’s URL: MediaWiki
Bug Type: Hijacking, DoS
Risk Level: Critical

Solution:
Update to version 1.18.6, 1.19.3, or 1.20.1.

Content Management, Denial Of Service

Joomla! sh404SEF Component Unspecified Vulnerability

December 24th, 2012

Application: Joomla!
Affected Version: versions 3.4.x, 3.5.x, and 3.6.x.
Vendor’s URL: sh404SEF Component
Bug Type: -
Risk Level: Critical

Solution:
Update to version 3.7.0 (build 1485).

Content Management