Archive for October, 2013

WordPress Gallery Bank Plugin Unspecified Vulnerabilities

October 31st, 2013

Application: WordPress
Affected Version: versions prior to 2.20.
Vendor’s URL: Gallery Bank Plugin
Bug Type:
Risk Level: Critical

Solution:
Update to version 2.20.

Content Management

Simple Machines Forum Multiple Vulnerabilities

October 31st, 2013

Application: Simple Machines Forum
Affected Version: versions prior to 2.0.6 and 1.1.19.
Vendor’s URL: Simple Machines Forum
Bug Type: System access
Risk Level: Critical

Solution:
Update to version 2.0.6 or 1.1.19.

Access Bypass, Discussion Boards

WordPress Quick Paypal Payments Plugin Two Script Insertion

October 31st, 2013

Application: WordPress
Affected Version: version 3.0 and other versions.
Vendor’s URL: Quick Paypal Payments Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Uncategorized

Drupal Simplenews Module Email Subscription API Script Insertion

October 31st, 2013

Application: Drupal
Affected Version: versions prior to 6.x-1.5 and prior to 7.x-1.1.
Vendor’s URL: Simplenews Module
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 6.x-1.5 or 7.x-1.1.

Content Management, Cross Site Scripting

Bilboplanet Cross-Site Scripting and SQL Injection

October 31st, 2013

Application: Bilboplanet
Affected Version: version 2.0 and other versions.
Vendor’s URL: Bilboplanet
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting, SQL Injection

osCommerce “products_id” Script Insertion

October 31st, 2013

Application: osCommerce
Affected Version: version 2.3.3 and prior versions.
Vendor’s URL: osCommerce
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 2.3.3.1.

Cross Site Scripting, E-Commerce

WordPress Landing Pages Plugin “post” SQL Injection

October 31st, 2013

Application: WordPress
Affected Version: version 1.2.3 and prior versions.
Vendor’s URL: Landing Pages Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.2.3 (10/09/13).

Content Management, SQL Injection

WordPress Quick Contact Form Plugin Two Script Insertion

October 31st, 2013

Application: WordPress
Affected Version: version 6.0 and prior versions.
Vendor’s URL: Quick Contact Form Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 6.1.

Uncategorized

WordPress SEO Watcher Plugin Open Flash Chart Arbitrary File Creation

October 31st, 2013

Application: WordPress
Affected Version: version 1.4 and other versions.
Vendor’s URL: SEO Watcher Plugin
Bug Type: File Creation
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management

WordPress WP-SlimStat-Ex Plugin Open Flash Chart Arbitrary File Creation

October 31st, 2013

Application: WordPress
Affected Version: version 2.1.2
Vendor’s URL: WP-SlimStat-Ex Plugin
Bug Type: System Access
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management