Archive for the ‘Access Bypass’ Category

WordPress Jetpack Plugin Security Bypass

April 29th, 2014

Application: WordPress
Affected Version: versions prior to 2.9.3.
Vendor’s URL: Jetpack Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 2.9.3.

Access Bypass, Content Management

WordPress Multiple Vulnerabilities

April 29th, 2014

Application: WordPress
Affected Version: versions prior to 3.8.2.
Vendor’s URL: WordPress
Bug Type: Security Bypass, Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 3.8.3.

Access Bypass, Content Management, Cross Site Scripting

WordPress File Gallery Plugin Settings Arbitrary Command Execution

April 29th, 2014

Application: WordPress
Affected Version: version 1.7.9 and other versions
Vendor’s URL: File Gallery Plugin
Bug Type: System Access
Risk Level: Critical

Solution:
Update to version 1.7.9.2.

Access Bypass, Content Management

CosmoShop ePRO Security Bypass

March 30th, 2014

Application: CosmoShop
Affected Version: version 10.17.00 and other versions.
Vendor’s URL: CosmoShop ePRO
Bug Type: Security Bypass
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, E-Commerce

Joomla! Multiple Vulnerabilities

February 28th, 2014

Application: Joomla!
Affected Version: versions 2.5.18, 3.2.1 and 3.2.2
Vendor’s URL: Joomla!
Bug Type: Security Bypass, Cross Site Scripting, SQL Injection
Risk Level: Critical

Solution:
Update to version 2.5.19 or 3.2.3.

Access Bypass, Content Management, Cross Site Scripting, SQL Injection

Drupal Slickgrid Module Security Bypass Security Issue

February 28th, 2014

Application: Drupal
Affected Version: 7.x-1.x versions prior to 7.x-2.0.
Vendor’s URL: Slickgrid Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 7.x-2.0.

Access Bypass, Content Management

WordPress BuddyPress Plugin Script Insertion and Security Bypass

February 28th, 2014

Application: WordPress
Affected Version: version 1.9.1 and prior versions.
Vendor’s URL: BuddyPress Plugin
Bug Type: Script Insertion and Security Bypass
Risk Level: Critical

Solution:
Update to version 1.9.2.

Access Bypass, Content Management, Cross Site Scripting

Zabbix API User Spoofing and Security Bypass

February 28th, 2014

Application: Zabbix
Affected Version: versions prior to 2.0.11 and 2.2.2.
Vendor’s URL: Zabbix
Bug Type: User Spoofing and Security Bypass
Risk Level: Critical

Solution:
Update to version 2.0.11 or 2.2.2.

Access Bypass

Drupal Services Module Security Bypass

February 28th, 2014

Application: Drupal
Affected Version: 7.x-1.x versions prior to 7.x-3.7.
Vendor’s URL: Drupal Services Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 7.x-3.7.

Access Bypass, Content Management

ImpressCMS “image_path” Arbitrary File Deletion

February 28th, 2014

Application: ImpressCMS
Affected Version: versions 1.3.5, 1.3.6, and 1.3.6.1 and other versions.
Vendor’s URL: ImpressCMS
Bug Type: File Deletion
Risk Level: Critical

Solution:
The vendor has released a fix in version 1.3.6; however, the fix is only partially effective. No official solution is currently available.

Access Bypass, Content Management

Drupal Taxonomy Security Bypass and OpenID Account Hijacking

January 29th, 2014

Application: Drupal
Affected Version: 6.x versions prior to 6.30 and 7.x versions prior to 7.26.
Vendor’s URL: Drupal
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to a fixed version.

Access Bypass, Content Management

WordPress Advanced Dewplayer Plugin download-file.php Access Bypass

December 30th, 2013

Application: WordPress
Affected Version: version 1.2 and other versions.
Vendor’s URL: Advanced Dewplayer Plugin
Bug Type: Access Bypass
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management

WHMCS “unserialize()” PHP Code Execution and Multiple Unspecified Vulnerabilities

November 29th, 2013

Application: WHMCS
Affected Version: versions prior to 5.1.14 and 5.2.13.
Vendor’s URL: WHMCS
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to version 5.1.14 and 5.2.13.

Access Bypass

Simple Machines Forum Multiple Vulnerabilities

October 31st, 2013

Application: Simple Machines Forum
Affected Version: versions prior to 2.0.6 and 1.1.19.
Vendor’s URL: Simple Machines Forum
Bug Type: System access
Risk Level: Critical

Solution:
Update to version 2.0.6 or 1.1.19.

Access Bypass, Discussion Boards

WordPress SEO Watcher Plugin Open Flash Chart Arbitrary File Creation

October 31st, 2013

Application: WordPress
Affected Version: version 1.4 and other versions.
Vendor’s URL: SEO Watcher Plugin
Bug Type: File Creation
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management

WordPress WP-SlimStat-Ex Plugin Open Flash Chart Arbitrary File Creation

October 31st, 2013

Application: WordPress
Affected Version: version 2.1.2
Vendor’s URL: WP-SlimStat-Ex Plugin
Bug Type: System Access
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management

MediaWiki CentralAuth Extension Authentication Bypass

September 30th, 2013

Application: MediaWiki
Affected Version: versions prior to 11.38.2.6 and 11.39.0.15.
Vendor’s URL: CentralAuth Extension
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to a fixed version.

Access Bypass, Content Management

WordPress Multiple Vulnerabilities

September 30th, 2013

Application: WordPress
Affected Version: version 3.6 and prior versions.
Vendor’s URL: WordPress
Bug Type: Security Bypass, Cross Site Scripting, Spoofing, System access
Risk Level: Critical

Solution:
Update to version 3.6.1.

Access Bypass, Content Management, Cross Site Scripting

Drupal RESTful Web Services Module Two Security Bypass

August 26th, 2013

Application: Drupal
Affected Version: 7.x-1.x versions prior to 7.x-1.4 and the 7.x-2.x versions prior to 7.x-2.1.
Vendor’s URL: RESTful Web Services Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to a fixed version.

Access Bypass, Content Management

WordPress Multiple Vulnerabilities

June 28th, 2013

Application: WordPress
Affected Version: version 3.5.1 and prior versions.
Vendor’s URL: WordPress
Bug Type: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, DoS
Risk Level: Critical

Solution:
Update to version 3.5.2.

Access Bypass, Content Management, Cross Site Scripting, Information Disclosure