Archive for the 'Content Management' Category

Joomla Jom Comment Component Unspecified SQL Injection

Application: Joomla Jom Comment Component
Affected Version: version 2.0 and other versions.
Vendor’s URL: Joomla Jom Comment Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.2.

WordPress WP-Download Plugin SQL Injection

Application: WordPress WP-Download Plugin
Affected Version: 1.2 and other versions.
Vendor’s URL: WordPress WP-Download Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.2.1.

AuraCMS SQL Injection

Application: AuraCMS
Affected Version: 2.2.1 and other versions.
Vendor’s URL: AuraCMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Drupal Webform Module Unspecified Script Insertion

Application: Drupal Webform Module
Affected Version: prior to version 5.x-1.10.
Vendor’s URL: Drupal Webform Module
Bug Type: Script Insertion
Risk Level: Critical

Solution:
Update to version 5.x-1.10.

Wikepage Information Disclosure

Application: Wikepage
Affected Version: version Opus 13 2007.2 and other versions.
Vendor’s URL: Wikepage
Bug Type: Information Disclosure
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Drupal Menu System Security Bypass

Application: Drupal Menu System
Affected Version: 6.2 and prior versions.
Vendor’s URL: Drupal Menu System
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to Drupal 6.2 or apply patch.

Drupal Simple Access Module Security Bypass

Application: Drupal Simple Access Module
Affected Version: 5.x-1.2-2 and prior versions.
Vendor’s URL: Drupal Simple Access Module
Bug Type: Access Bypass
Risk Level: Critical

Solution:
Update to version 5.x-1.3.

1024 CMS SQL Injection and File Inclusion

Application: 1024 CMS
Affected Version: 1.4.1 and other versions.
Vendor’s URL: 1024 CMS
Bug Type: SQL Injection, File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized and verified.

RunCMS Photo Module SQL Injection

Application: RunCMS Photo Module
Affected Version: 3.02 and other versions.
Vendor’s URL: RunCMS Photo Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Joomla rekry!Joom Component SQL Injection

Application: Joomla rekry!Joom Component
Affected Version: 1.0.0 and other versions.
Vendor’s URL: Joomla rekry!Joom Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Joomla Custompages Component File Inclusion

Application: Joomla
Affected Version: 1.1 and other versions.
Vendor’s URL: Joomla Custompages Component
Bug Type: Access Bypass, File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Joomla Alberghi Component “id” SQL Injection

Application: Joomla Alberghi Component
Affected Version: 2.1.3 SR and other versions.
Vendor’s URL: Joomla Alberghi Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Joomla Joovideo Component “id” SQL Injection

Application: Joomla Joovideo Component
Affected Version: 1.2.2 PRO and other versions.
Vendor’s URL: Joomla Joovideo Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Joomla Restaurante Component “id” SQL Injection

Application: Joomla Restaurante Component
Affected Version: 1.0 and other versions.
Vendor’s URL: Joomla Restaurante Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Joomla Acajoom PRO Component SQL Injection

Application: Joomla Acajoom PRO Component
Affected Version: 1.2.5 and 1.1.5 and other versions.
Vendor’s URL: Joomla Acajoom PRO Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

fuzzylime File Inclusion

Application: fuzzylime
Affected Version: 3.01 and other versions.
Vendor’s URL: fuzzylime
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

XOOPS Tutorials Module “tid” SQL Injection

Application: XOOPS Tutorials Module
Affected Version: 2.1b and other versions.
Vendor’s URL: XOOPS Tutorials Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

PHP-Nuke Hadith Module “cat” SQL Injection

Application: PHP-Nuke Hadith Module
Affected Version:
Vendor’s URL: PHP-Nuke Hadith Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Joomla! eWriting Component “cat” SQL Injection

Application: Joomla! eWriting Component
Affected Version: 1.2.1 and other versions.
Vendor’s URL: Joomla! eWriting Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

PHP-Nuke Kütüb-i Sitte Module “kid” SQL Injection

Application: PHP-Nuke Kütüb-i Sitte Module
Affected Version: 1.1 and other versions.
Vendor’s URL: PHP-Nuke Kütüb-i Sitte Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.