Archive for February, 2014

Joomla! Multiple Vulnerabilities

February 28th, 2014

Application: Joomla!
Affected Version: versions 2.5.18, 3.2.1 and 3.2.2
Vendor’s URL: Joomla!
Bug Type: Security Bypass, Cross Site Scripting, SQL Injection
Risk Level: Critical

Solution:
Update to version 2.5.19 or 3.2.3.

Access Bypass, Content Management, Cross Site Scripting, SQL Injection

WordPress Search Everything Plugin SQL Injection

February 28th, 2014

Application: WordPress
Affected Version: version 7.0.2 and prior versions.
Vendor’s URL: Search Everything Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 7.0.3 or later.

Content Management, SQL Injection

Drupal Slickgrid Module Security Bypass Security Issue

February 28th, 2014

Application: Drupal
Affected Version: 7.x-1.x versions prior to 7.x-2.0.
Vendor’s URL: Slickgrid Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 7.x-2.0.

Access Bypass, Content Management

WordPress AdRotate Plugin “track” SQL Injection

February 28th, 2014

Application: WordPress
Affected Version: AdRotate Free version 3.9.4; also reported in AdRotate Pro versions prior to 3.9.6.
Vendor’s URL: AdRotate Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to a fixed version.

Content Management, SQL Injection

WordPress BuddyPress Plugin Script Insertion and Security Bypass

February 28th, 2014

Application: WordPress
Affected Version: version 1.9.1 and prior versions.
Vendor’s URL: BuddyPress Plugin
Bug Type: Script Insertion and Security Bypass
Risk Level: Critical

Solution:
Update to version 1.9.2.

Access Bypass, Content Management, Cross Site Scripting

WordPress Kiddo Theme “uploadify.php” Arbitrary File Upload

February 28th, 2014

Application: WordPress
Affected Version:
Vendor’s URL: Kiddo Theme
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

Zabbix API User Spoofing and Security Bypass

February 28th, 2014

Application: Zabbix
Affected Version: versions prior to 2.0.11 and 2.2.2.
Vendor’s URL: Zabbix
Bug Type: User Spoofing and Security Bypass
Risk Level: Critical

Solution:
Update to version 2.0.11 or 2.2.2.

Access Bypass

Drupal Services Module Security Bypass

February 28th, 2014

Application: Drupal
Affected Version: 7.x-1.x versions prior to 7.x-3.7.
Vendor’s URL: Drupal Services Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 7.x-3.7.

Access Bypass, Content Management

Joomla! PROJOOM Smart Flash Header Component Arbitrary File Upload

February 28th, 2014

Application: Joomla!
Affected Version: versions prior to 3.0.3.
Vendor’s URL: PROJOOM Smart Flash Header Component
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 3.0.3.

Content Management, File Inclusion

MyBB “keywords” Cross-Site Scripting

February 28th, 2014

Application: MyBB
Affected Version: version 1.6.12 and other versions.
Vendor’s URL: MyBB
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Cross Site Scripting, Discussion Boards

ImpressCMS “image_path” Arbitrary File Deletion

February 28th, 2014

Application: ImpressCMS
Affected Version: versions 1.3.5, 1.3.6 and 1.3.6.1, and other versions.
Vendor’s URL: ImpressCMS
Bug Type: File Deletion
Risk Level: Critical

Solution:
The vendor has released a fix in version 1.3.6; however, the fix is only partially effective. No official solution is currently available.

Access Bypass, Content Management

Joomla! Music Collection Component Unspecified Vulnerability

February 28th, 2014

Application: Joomla!
Affected Version: version 2.4.0 and prior versions.
Vendor’s URL: Music Collection Component
Bug Type:
Risk Level: Critical

Solution:
Update to version 2.4.1.

Content Management

Joomla! JV Comment Component “id” SQL Injection

February 28th, 2014

Application: Joomla!
Affected Version: version 3.0.2 and prior versions.
Vendor’s URL: JV Comment Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 3.0.3.

Content Management, SQL Injection