Archive for the 'Applications' Category

Joomla Jom Comment Component Unspecified SQL Injection

Application: Joomla Jom Comment Component
Affected Version: 2.0 and other versions.
Vendor’s URL: Joomla Jom Comment Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.2.

WordPress WP-Download Plugin SQL Injection

Application: WordPress WP-Download Plugin
Affected Version: 1.2 and other versions.
Vendor’s URL: WordPress WP-Download Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.2.1.

AuraCMS SQL Injection

Application: AuraCMS
Affected Version: 2.2.1 and other versions.
Vendor’s URL: AuraCMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Simple Gallery XSS

Application: Simple Gallery
Affected Version: 2.2 and other versions.
Vendor’s URL: Simple Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Drupal Webform Module Unspecified Script Insertion

Application: Drupal Webform Module
Affected Version: prior to version 5.x-1.10.
Vendor’s URL: Drupal Webform Module
Bug Type: Script Insertion
Risk Level: Critical

Solution:
Update to version 5.x-1.10.

PHP Photo Gallery SQL Injection

Application: PHP Photo Gallery
Affected Version:
Vendor’s URL: PHP Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Wikepage Information Disclosure

Application: Wikepage
Affected Version: version Opus 13 2007.2 and other versions.
Vendor’s URL: Wikepage
Bug Type: Information Disclosure
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Drupal Menu System Security Bypass

Application: Drupal Menu System
Affected Version: 6.2 and prior versions.
Vendor’s URL: Drupal Menu System
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to Drupal 6.2 or apply patch.

Gallery Script Lite Information Disclosure

Application: Gallery Script Lite
Affected Version:
Vendor’s URL: Gallery Script Lite
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Drupal Simple Access Module Security Bypass

Application: Drupal Simple Access Module
Affected Version: 5.x-1.2-2 and prior versions.
Vendor’s URL: Drupal Simple Access Module
Bug Type: Access Bypass
Risk Level: Critical

Solution:
Update to version 5.x-1.3.

KwsPHP ConcoursPhoto Module SQL Injection

Application: KwsPHP ConcoursPhoto Module
Affected Version: 2.0 and prior versions.
Vendor’s URL: KwsPHP ConcoursPhoto Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.1.

Coppermine Photo Gallery SQL Injection

Application: Coppermine Photo Gallery
Affected Version: 1.4.16 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.4.17.

1024 CMS SQL Injection and File Inclusion

Application: 1024 CMS
Affected Version: 1.4.1 and other versions.
Vendor’s URL: 1024 CMS
Bug Type: SQL Injection, File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized and verified.

cpCommerce Multiple Vulnerabilities

Application: cpCommerce
Affected Version: 1.1.0 and other versions.
Vendor’s URL: cpCommerce
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized and verified.

Coppermine Photo Gallery SQL Injection

Application: Coppermine Photo Gallery
Affected Version: 1.4.17 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.4.18.

phpBB Security Bypass Vulnerabilities

Application: phpBB
Affected Version: 3.0.0.
Vendor’s URL: phpBB
Bug Type: Access Bypass
Risk Level: Critical

Solution:
Update to version 3.0.1.

CubeCart Two XSS

Application: CubeCart
Affected Version: 4.2.1 and other versions.
Vendor’s URL: CubeCart
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

RunCMS Photo Module SQL Injection

Application: RunCMS Photo Module
Affected Version: 3.02 and other versions.
Vendor’s URL: RunCMS Photo Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

e107 my_gallery Plugin Information Disclosure

Application: e107 my_gallery Plugin
Affected Version: 2.3 and other versions.
Vendor’s URL: e107 my_gallery
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Photo Cart “amessage” XSS

Application: Photo Cart
Affected Version: 4.1 and other versions.
Vendor’s URL: Photo Cart
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Apply patch. http://www.picturespro.com/sp/