Archive for December, 2013

InstantCMS “orderby” SQL Injection

December 30th, 2013

Application: InstantCMS
Affected Version: versions 1.10.3 and prior.
Vendor’s URL: InstantCMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Apply patch.

Content Management, SQL Injection

WordPress FormCraft Plugin “id” SQL Injection

December 30th, 2013

Application: WordPress
Affected Version: version 1.3 and other versions.
Vendor’s URL: FormCraft Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

WordPress Download Manager Plugin “file[title]” Script Insertion

December 30th, 2013

Application: WordPress
Affected Version: version 2.5.8 and other versions.
Vendor’s URL: Download Manager Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

WordPress Blooog Theme jPlayer Cross-Site Scripting

December 30th, 2013

Application: WordPress
Affected Version:
Vendor’s URL: Blooog Theme jPlayer
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

CMS Made Simple “handler” Script Insertion

December 30th, 2013

Application: CMS Made Simple
Affected Version: version 1.11.9 and other versions.
Vendor’s URL: CMS Made Simple
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

WordPress JS Hotel Plugin “roomid” Cross-Site Scripting

December 30th, 2013

Application: WordPress
Affected Version: version 2.2.1 and other versions.
Vendor’s URL: JS Hotel Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

WordPress S3 Video Plugin “base” Cross-Site Scripting

December 30th, 2013

Application: WordPress
Affected Version: versions prior to 0.983.
Vendor’s URL: S3 Video Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Update to version 0.983.

Content Management, Cross Site Scripting

WordPress Broken Link Checker Plugin Two Cross-Site Scripting

December 30th, 2013

Application: WordPress
Affected Version: versions prior to 1.9.2.
Vendor’s URL: Broken Link Checker Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Update to version 1.9.2.

Content Management, Cross Site Scripting

WordPress OptimizePress Plugin Arbitrary File Upload

December 30th, 2013

Application: WordPress
Affected Version: versions prior to 1.6.
Vendor’s URL: OptimizePress Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.6.

Content Management, File Inclusion

WordPress Advanced Dewplayer Plugin download-file.php Access Bypass

December 30th, 2013

Application: WordPress
Affected Version: version 1.2 and other versions.
Vendor’s URL: Advanced Dewplayer Plugin
Bug Type: Access Bypass
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management

MyBB Cross-Site Scripting and SQL Injection

December 30th, 2013

Application: MyBB
Affected Version: versions prior to 1.6.12.
Vendor’s URL: MyBB
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.6.12.

Cross Site Scripting, Discussion Boards, SQL Injection

WordPress Recommend to a friend Plugin “current_url” Cross-Site Scripting

December 30th, 2013

Application: WordPress
Affected Version: version 2.0.2 and other versions.
Vendor’s URL: Recommend to a friend Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting