Archive for August, 2013

WordPress A Forms Plugin Cross-Site Request Forgery and Form Field Script Insertion

August 26th, 2013

Application: WordPress
Affected Version: version 1.4.1 and prior versions.
Vendor’s URL: A Forms Plugin
Bug Type: Cross-Site Scripting
Risk Level: Medium

Solution:
Update to version 1.4.2.

Content Management, Cross Site Scripting

WordPress All-in-One Event Calendar Plugin Script Insertion and SQL Injection

August 26th, 2013

Application: WordPress
Affected Version: version 1.9 and other versions.
Vendor’s URL: All-in-One Event Calendar Plugin
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.10.

Content Management, Cross Site Scripting, SQL Injection

Joomla! redSHOP Component “pid” SQL Injection

August 26th, 2013

Application: Joomla!
Affected Version: version 1.2 and prior versions.
Vendor’s URL: redSHOP Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.3.

Content Management, SQL Injection

Drupal RESTful Web Services Module Two Security Bypass

August 26th, 2013

Application: Drupal
Affected Version: 7.x-1.x versions prior to 7.x-1.4 and the 7.x-2.x versions prior to 7.x-2.1.
Vendor’s URL: RESTful Web Services Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to a fixed version.

Access Bypass, Content Management

SocialEngine Timeline Plugin Arbitrary File Upload

August 26th, 2013

Application: SocialEngine
Affected Version: version 4.2.5p9 and other versions.
Vendor’s URL: Timeline Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 4.6.0.

Content Management, File Inclusion

Joomla! Jomres Component Script Insertion and SQL Injection

August 26th, 2013

Application: Joomla!
Affected Version: version 7.3.0 and other versions.
Vendor’s URL: Jomres Component
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 7.3.1.

Content Management, Cross Site Scripting, SQL Injection

Joomla! SectionEx Component Two SQL Injection

August 26th, 2013

Application: Joomla!
Affected Version: versions prior to 2.5.104.
Vendor’s URL: SectionEx Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.5.104.

Content Management, SQL Injection

Joomla! “lang” Cross-Site Scripting

August 26th, 2013

Application: Joomla!
Affected Version: versions 3.1.4 and 3.1.5.
Vendor’s URL: Joomla!
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Fixed in the git repository.

Content Management, Cross Site Scripting

WordPress Chat Plugin “message” Script Insertion

August 26th, 2013

Application: WordPress
Affected Version: version 1.0.8 and prior versions.
Vendor’s URL: Chat Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.0.8.1.

Content Management, Cross Site Scripting

Joomla! Arbitrary File Upload

August 26th, 2013

Application: Joomla!
Affected Version: version 3.1.4 and versions prior to 2.5.14 and 3.1.5.
Vendor’s URL: Joomla!
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 2.5.14 or 3.1.5.

Content Management, File Inclusion

WordPress BulletProof Security Plugin Security Log Script Insertion

August 26th, 2013

Application: WordPress
Affected Version: version .48.9 and other versions.
Vendor’s URL: BulletProof Security Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version .49.

Content Management, Cross Site Scripting

Cotonti “c” SQL Injection

August 26th, 2013

Application: Cotonti
Affected Version: version 0.9.13 and prior versions.
Vendor’s URL: Cotonti
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 0.9.14.

Content Management, SQL Injection

WordPress Better WP Security Plugin 404 Error Log Script Insertion

August 26th, 2013

Application: WordPress
Affected Version: versions prior to 3.5.4.
Vendor’s URL: Better WP Security Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 3.5.4.

Content Management, Cross Site Scripting

Joomla! VirtueMart Component Two Cross-Site Scripting and SQL Injection

August 26th, 2013

Application: Joomla!
Affected Version: versions prior to 2.0.22b.
Vendor’s URL: VirtueMart Component
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 2.0.22b.

Cross Site Scripting, E-Commerce, SQL Injection