Archive for February, 2013

CubeCart “unserialize()” Configuration Manipulation Vulnerability

February 26th, 2013

Application: CubeCart
Affected Version: version 5.2.0 and prior versions.
Vendor’s URL: CubeCart
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 5.2.1.

Access Bypass, E-Commerce

WordPress WP ecommerce Shop Styling Plugin “dompdf” Remote File Inclusion Vulnerability

February 26th, 2013

Application: WordPress
Affected Version: version 1.7.2 and other versions.
Vendor’s URL: WP ecommerce Shop Styling Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.8.

Content Management, File Inclusion

Joomla! Multiple Information Disclosure Vulnerabilities

February 26th, 2013

Application: Joomla!
Affected Version: 3.0.x versions prior to 3.0.3.
Vendor’s URL: Joomla!
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Update to version 2.5.9 or 3.0.3.

Content Management, Information Disclosure

WordPress Gallery Plugin “load” Remote File Inclusion Vulnerability

February 26th, 2013

Application: WordPress
Affected Version: version 1.4 and other versions.
Vendor’s URL: Gallery Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Mingle Forum Plugin Cross-Site Scripting and SQL Injection

February 26th, 2013

Application: WordPress
Affected Version: version 1.0.33.3 and prior versions.
Vendor’s URL: Mingle Forum Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.0.34.

Content Management, Cross Site Scripting, SQL Injection

PHP-Fusion Two SQL Injection Vulnerabilities

February 26th, 2013

Application: PHP-Fusion
Affected Version: version 7.02.05 and other versions.
Vendor’s URL: PHP-Fusion
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 7.02.06.

Content Management, SQL Injection