Application: CMSQLite
Affected Version: version 1.3.1 and other versions.
Vendor’s URL: CMSQLite
Bug Type: File Upload and Security Bypass
Risk Level: Critical
Solution:
Restrict access to the “admin” directory (e.g. via a “.htaccess” file).
Access Bypass, Content Management, File Inclusion
Application: Ultimate PHP Board
Affected Version: version 2.2.6 and other versions.
Vendor’s URL: Ultimate PHP Board
Bug Type: Security Bypass and File Disclosure
Risk Level: Medium
Solution:
Restrict access to the admin_restore.php script (e.g. via .htaccess). Edit the source code to ensure that input is properly verified.
Access Bypass, Discussion Boards, Information Disclosure
Application: Drupal
Affected Version: versions prior to 6.x-1.2.
Vendor’s URL: Ubercart MIGS Module
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 6.x-1.2 or later.
Access Bypass, Content Management
Application: Drupal
Affected Version: versions prior to 5.x-1.6 and 6.x-1.5.
Vendor’s URL: Ogone | Ubercart Module
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 5.x-1.6 or later, or 6.x-1.5 or later.
Access Bypass, Content Management
Application: Drupal
Affected Version: versions prior to 6.x-1.2.
Vendor’s URL: AddonChat Module
Bug Type: Security Bypass and Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 6.x-1.2.
Access Bypass, Content Management, Cross Site Scripting
Application: WordPress
Affected Version: versions prior to 4.1.3.
Vendor’s URL: Simple:Press Plugin
Bug Type: Security Bypass and System Access
Risk Level: Critical
Solution:
Update to version 4.1.3 or later.
Access Bypass, Content Management
Application: Drupal Views Module Arbitrary Code Execution
Affected Version: versions prior to 6.x-2.9 and 5.x-1.7.
Vendor’s URL: Views Module
Bug Type: Code Execution
Risk Level: Critical
Solution:
Update to the latest version.
Access Bypass, Content Management
Application: phpBB
Affected Version: version 3.0.7.
Vendor’s URL: phpBB
Bug Type: Security Bypass
Risk Level: version 3.0.7.
Solution:
Update to version 3.0.7PL1 or later.
Access Bypass, Discussion Boards
Application: WordPress
Affected Version:
Vendor’s URL: Woopra Analytics Plugin
Bug Type: System Access
Risk Level: Critical
Solution:
Update to version 1.4.3.2.
Remove ofc_upload_image.php file from the Open Flash Chart directory.
Access Bypass, Content Management
Application: XOOPS
Affected Version: versions prior to 2.4.1.
Vendor’s URL: XOOPS Profile Activation
Bug Type: Security Bypass
Risk Level: Medium
Solution:
Update to version 2.4.1.
Access Bypass, Content Management
Application: WordPress
Affected Version: version 2.8.5.
Vendor’s URL: WordPress
Bug Type: File Upload and Script Insertion
Risk Level: Medium
Solution:
Update to version 2.8.6.
Access Bypass, Content Management, Cross Site Scripting
Application: Joomla
Affected Version:
Vendor’s URL: Jumi Component
Bug Type: Access Bypass
Risk Level: Critical
Solution:
The vendor has released clean installation files.
Access Bypass, Content Management
Application: Joomla
Affected Version: version 1.4.2.31 and other versions.
Vendor’s URL: iCRM Basic Component
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Access Bypass, Content Management
Application: Drupal Go
Affected Version:
Vendor’s URL: url redirects Module
Bug Type: SQL Injection, Cross Site Scripting, Security Bypass
Risk Level: Critical
Solution:
Update to version 5.x-1.4 or 6.x-1.1.
Access Bypass, Content Management, Cross Site Scripting, SQL Injection
Application: Zen Cart
Affected Version: version 1.3.8a (full fileset 12112007) and other versions.
Vendor’s URL: Zen Cart
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Apply patch.
http://www.zen-cart.com/forum/attachment.php?attachmentid=5943&d=1245789282
Access Bypass, E-Commerce
Application: Movable Type
Affected Version: versions prior to 4.26.
Vendor’s URL: Movable Type
Bug Type: Security Bypass and Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 4.26 or later.
Access Bypass, Blogs, Cross Site Scripting
Application: Drupal
Affected Version: versions prior to 6.x-2.6.
Vendor’s URL: Drupal Views Module
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Critical
Solution:
Update to version 6.x-2.6.
http://drupal.org/node/488082
Access Bypass, Content Management, Cross Site Scripting
Application: Drupal
Affected Version: versions prior to 6.x-0.14.
Vendor’s URL: Drupal Services Module
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 6.x-0.14.
http://drupal.org/node/487784
Access Bypass, Content Management
Application: osCommerce Finnish Bank Payment Module
Affected Version:
Vendor’s URL: osCommerce Finnish Bank Payment Module
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Apply vendor patch.
Access Bypass, E-Commerce
Application: osCommerce Luottokunta Module
Affected Version: versions prior to 1.3.
Vendor’s URL: osCommerce Luottokunta Module
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 1.3.
http://addons.oscommerce.com/info/3698
Access Bypass, E-Commerce