Archive for September, 2013

glFusion “cat_id” SQL Injection

September 30th, 2013

Application: glFusion
Affected Version: version 1.3.0 and prior versions.
Vendor’s URL: glFusion
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.3.1.

Content Management, SQL Injection

WordPress Design Approval System Plugin “step” Cross-Site Scripting

September 30th, 2013

Application: WordPress
Affected Version: versions prior to 3.7
Vendor’s URL: Design Approval System Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Update to version 3.7.

Content Management, Cross Site Scripting

MediaWiki CentralAuth Extension Authentication Bypass

September 30th, 2013

Application: MediaWiki
Affected Version: versions prior to 11.38.2.6 and 11.39.0.15.
Vendor’s URL: CentralAuth Extension
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to a fixed version.

Access Bypass, Content Management

WordPress Simple Login Registration Plugin “username” Cross-Site Scripting

September 30th, 2013

Application: WordPress
Affected Version: version 1.0.1 and other versions.
Vendor’s URL: Simple Login Registration Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

WordPress VideoWhisper Live Streaming Integration Plugin Two Script Insertion

September 30th, 2013

Application: WordPress
Affected Version: version 4.25.3 and other versions.
Vendor’s URL: VideoWhisper Live Streaming Integration Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

WordPress Complete Gallery Manager Plugin Arbitrary File Upload

September 30th, 2013

Application: WordPress
Affected Version: version 3.3.3 and other versions.
Vendor’s URL: Complete Gallery Manager Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Simple Dropbox Upload Plugin Arbitrary File Upload

September 30th, 2013

Application: WordPress
Affected Version: version 1.8.8 and other versions.
Vendor’s URL: Simple Dropbox Upload Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Multiple Vulnerabilities

September 30th, 2013

Application: WordPress
Affected Version: version 3.6 and prior versions.
Vendor’s URL: WordPress
Bug Type: Security Bypass, Cross Site Scripting, Spoofing, System access
Risk Level: Critical

Solution:
Update to version 3.6.1.

Access Bypass, Content Management, Cross Site Scripting

AspxCommerce Logo Module Arbitrary File Upload

September 30th, 2013

Application: AspxCommerce
Affected Version: version 2.0 and other versions.
Vendor’s URL: Logo Module
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

E-Commerce, File Inclusion