Archive for the ‘Access Bypass’ Category

CMSQLite Arbitrary File Upload and Security Bypass

August 25th, 2010

Application: CMSQLite
Affected Version: version 1.3.1 and other versions.
Vendor’s URL: CMSQLite
Bug Type: File Upload and Security Bypass
Risk Level: Critical

Solution:
Restrict access to the “admin” directory (e.g. via a “.htaccess” file).

Access Bypass, Content Management, File Inclusion

Ultimate PHP Board Security Bypass and File Disclosure

July 29th, 2010

Application: Ultimate PHP Board
Affected Version: version 2.2.6 and other versions.
Vendor’s URL: Ultimate PHP Board
Bug Type: Security Bypass and File Disclosure
Risk Level: Medium

Solution:
Restrict access to the admin_restore.php script (e.g. via .htaccess). Edit the source code to ensure that input is properly verified.

Access Bypass, Discussion Boards, Information Disclosure

Drupal Ubercart MIGS Module Security Issue

June 21st, 2010

Application: Drupal
Affected Version: versions prior to 6.x-1.2.
Vendor’s URL: Ubercart MIGS Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 6.x-1.2 or later.

Access Bypass, Content Management

Drupal Ogone | Ubercart Module Security Bypass

June 21st, 2010

Application: Drupal
Affected Version: versions prior to 5.x-1.6 and 6.x-1.5.
Vendor’s URL: Ogone | Ubercart Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 5.x-1.6 or later, or 6.x-1.5 or later.

Access Bypass, Content Management

Drupal AddonChat Module Security Bypass and Script Insertion

June 21st, 2010

Application: Drupal
Affected Version: versions prior to 6.x-1.2.
Vendor’s URL: AddonChat Module
Bug Type: Security Bypass and Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 6.x-1.2.

Access Bypass, Content Management, Cross Site Scripting

WordPress Simple:Press Plugin Multiple Vulnerabilities

May 26th, 2010

Application: WordPress
Affected Version: versions prior to 4.1.3.
Vendor’s URL: Simple:Press Plugin
Bug Type: Security Bypass and System access
Risk Level: Critical

Solution:
Update to version 4.1.3 or later.

Access Bypass, Content Management

Drupal Views Module Arbitrary Code Execution

April 23rd, 2010

Application: Drupal
Affected Version: versions prior to 6.x-2.9 and 5.x-1.7.
Vendor’s URL: Views Module
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to the latest version.

Access Bypass, Content Management

phpBB Feed Permissions Security Issue

March 26th, 2010

Application: phpBB
Affected Version: version 3.0.7.
Vendor’s URL: phpBB
Bug Type: Security Bypass
Risk Level:

Solution:
Update to version 3.0.7PL1 or later.

Access Bypass, Discussion Boards

WordPress Woopra Analytics Plugin Arbitrary File Creation

December 24th, 2009

Application: WordPress
Affected Version:
Vendor’s URL: Woopra Analytics Plugin
Bug Type: System Access
Risk Level: Critical

Solution:
Update to version 1.4.3.2.

Remove the ofc_upload_image.php file from the Open Flash Chart directory.

Access Bypass, Content Management

XOOPS Profile Activation Security Bypass

December 1st, 2009

Application: XOOPS
Affected Version: prior to 2.4.1
Vendor’s URL: XOOPS Profile Activation
Bug Type: Security Bypass
Risk Level: Medium

Solution:
Update to version 2.4.1.

Access Bypass, Content Management

WordPress File Upload and Script Insertion

December 1st, 2009

Application: WordPress
Affected Version: version 2.8.5
Vendor’s URL: WordPress
Bug Type: File Upload and Script Insertion
Risk Level: Medium

Solution:
Update to version 2.8.6.

Access Bypass, Content Management, Cross Site Scripting

Joomla Jumi Component Backdoor Security Issue

December 1st, 2009

Application: Joomla
Affected Version:
Vendor’s URL: Jumi Component
Bug Type: Access Bypass
Risk Level: Critical

Solution:
The vendor has released clean installation files.

Access Bypass, Content Management

Joomla iCRM Basic Component Multiple Vulnerabilities

October 23rd, 2009

Application: Joomla
Affected Version: version 1.4.2.31 and other versions.
Vendor’s URL: iCRM Basic Component
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Access Bypass, Content Management

Drupal Go - url redirects Module Multiple Vulnerabilities

September 23rd, 2009

Application: Drupal Go
Affected Version:
Vendor’s URL: url redirects Module
Bug Type: SQL Injection, Cross Site Scripting, Security Bypass
Risk Level: Critical

Solution:
Update to version 5.x-1.4 or 6.x-1.1.

Access Bypass, Content Management, Cross Site Scripting, SQL Injection

Zen Cart Administration Security Bypass

June 27th, 2009

Application: Zen Cart
Affected Version: version 1.3.8a (full fileset 12112007) and other versions.
Vendor’s URL: Zen Cart
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Apply patch.
http://www.zen-cart.com/forum/attachment.php?attachmentid=5943&d=1245789282

Access Bypass, E-Commerce

Movable Type Security Bypass and XSS

June 27th, 2009

Application: Movable Type
Affected Version: versions prior to 4.26.
Vendor’s URL: Movable Type
Bug Type: Security Bypass and Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 4.26 or later.

Access Bypass, Blogs, Cross Site Scripting

Drupal Views Module Multiple Vulnerabilities

June 27th, 2009

Application: Drupal
Affected Version: versions prior to 6.x-2.6.
Vendor’s URL: Drupal Views Module
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Critical

Solution:
Update to version 6.x-2.6.
http://drupal.org/node/488082

Access Bypass, Content Management, Cross Site Scripting

Drupal Services Module Key-based Access Security Bypass

June 27th, 2009

Application: Drupal
Affected Version: versions prior to 6.x-0.14.
Vendor’s URL: Drupal Services Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 6.x-0.14.
http://drupal.org/node/487784

Access Bypass, Content Management

osCommerce Finnish Bank Payment Module Security Bypass

June 27th, 2009

Application: osCommerce Finnish Bank Payment Module
Affected Version:
Vendor’s URL: osCommerce Finnish Bank Payment Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Apply the vendor patch.

Access Bypass, E-Commerce

osCommerce Luottokunta Module Security Bypass

June 27th, 2009

Application: osCommerce Luottokunta Module
Affected Version: versions prior to 1.3.
Vendor’s URL: osCommerce Luottokunta Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 1.3.
http://addons.oscommerce.com/info/3698

Access Bypass, E-Commerce