Archive for the 'Access Bypass' Category

Drupal Menu System Security Bypass

Application: Drupal Menu System
Affected Version: 6.2 and prior versions.
Vendor’s URL: Drupal Menu System
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to Drupal 6.2 or apply patch.

KnowledgeQuest SQL Injection and Security Bypass

Application: KnowledgeQuest
Affected Version: 2.6 and other versions.
Vendor’s URL: KnowledgeQuest
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized. Restrict access to admincheck.php.

Drupal Simple Access Module Security Bypass

Application: Drupal Simple Access Module
Affected Version: 5.x-1.2-2 and prior versions.
Vendor’s URL: Drupal Simple Access Module
Bug Type: Access bypass
Risk Level: Critical

Solution:
Update to version 5.x-1.3.

phpBB Security Bypass Vulnerabilities

Application: phpBB
Affected Version: 3.0.0.
Vendor’s URL: phpBB
Bug Type: Access Bypass
Risk Level: Critical

Solution:
Update to version 3.0.1.

Joomla Custompages Component File Inclusion

Application: Joomla
Affected Version: 1.1 and other versions.
Vendor’s URL: Joomla Custompages Component
Bug Type: Access Bypass, File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

DotNetNuke Multiple Vulnerabilities

Application: DotNetNuke
Affected Version: version prior to 4.8.2.
Vendor’s URL: http://www.dotnetnuke.com/
Bug Type: Privilege escalation, access bypass
Risk Level: Critical

Solution:
Update to version 4.8.2.
http://www.dotnetnuke.com/tabid/125/default.aspx

Gallarific Multiple Vulnerabilities

Application: Gallarific
Affected Version: Gallarific Free Edition 1.1 and other versions.
Vendor’s URL: http://www.gallarific.com/
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Critical

Solution:
Use another product, or disable it until the patch is released.

WordPress Sniplets Plugin Multiple Vulnerabilities

Application: WordPress
Affected Version: 1.2.2 and other versions.
Vendor’s URL: http://urbangiraffe.com/plugins/sniplets/
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified and sanitized.

h2desk Support System Security Bypass

Application: h2desk Support System
Affected Version:
Vendor’s URL: http://www.heathcosoft.com/h2desk/
Bug Type: Security Bypass
Risk Level: Medium

Solution:
Restrict access to trusted users.

Drupal Header Image Module Security Bypass Vulnerability

Application: Drupal Header Image Module
Affected Version: Prior to 5.x-1.1.
Vendor’s URL: http://drupal.org/project/headerimage
Bug Type: Access Bypass
Risk Level: Medium

Solution:
Update to version 5.x-1.1.

WordPress MU File Upload and Security Bypass

Application: WordPress MU
Affected Version: 1.3.1 and other versions.
Vendor’s URL: http://mu.wordpress.org/
Bug Type: Access Bypass
Risk Level: Critical

Solution:
Update to version 1.3.2 or later.

WordPress XML-RPC Post Edit Vulnerability

Application: WordPress
Affected Version: 2.3.2 and other versions.
Vendor’s URL: http://wordpress.org/
Bug Type: Access Bypass
Risk Level: Medium

Solution:
Update to version 2.3.3.

Drupal Secure Site Module Security Bypass

Application: Drupal secure site module
Affected Version: 5.x and 4.7.x
Vendor’s URL: http://drupal.org/project/securesite
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to Secure Site 5.x-1.1 or 4.7.x-1.1.

PortalApp Multiple Vulnerabilities

Application: PortalApp
Affected Version: 4.0.
Vendor’s URL: PortalApp
Bug Type: Security Bypass, Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized and access to dangerous actions is properly restricted.

XOOPS Security Bypass

Application: Xoops 2.x
Affected Version: 2.0.18.
Vendor’s URL: http://www.xoops.org/
Bug Type: Security Bypass
Risk Level: Low

Solution:
Update to version 2.0.18.

Mambo Multiple Vulnerabilities

Application: Mambo 4.x
Affected Version: 4.6.2.
Vendor’s URL: http://www.mamboserver.com/
Bug Type: Cross Site Scripting, System Access
Risk Level: Critical

Solution:
Update to version 4.6.3.

Gallery Multiple Vulnerabilities

Application: Gallery
Affected Version: Gallery 2.x
Vendor’s URL: Application site
Bug Type: Exposure of sensitive information, Cross Site Scripting, Security Bypass
Risk Level: Critical

Solution:
Update to version 2.2.4.

PMOS Help Desk PHP Code Execution and Security Bypass

Application: PMOS Help Desk
Affected Version: PMOS Help Desk 2.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting, System bypass
Risk Level: Critical

Solution:
Consult the provider for proper action.

Dokeos “My productions” File Upload and Cross-Site Scripting Vulnerabilities

Application: Dokeos
Affected Version: Dokeos 1.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting, System bypass
Risk Level: Critical

Solution:
Edit the source code to ensure that input is sanitized, or consult the provider for proper action.

SyndeoCMS “cmsdir” File Inclusion Vulnerability

Application: SyndeoCMS
Affected Version: SyndeoCMS 2.x
Vendor’s URL: Application site
Bug Type: Access Bypass
Risk Level: Low

Solution:
Update to version 2.5.01.