Archive for the ‘Access Bypass’ Category

Drupal Node Access User Reference Module Security Bypass Security Issue

June 28th, 2013

Application: Drupal
Affected Version: 6.x-3.x versions prior to 6.x-3.5 and 7.x-3.x versions prior to 7.x-3.10.
Vendor’s URL: Node Access User Reference Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 6.x-3.5 or 7.x-3.10.

Access Bypass, Content Management

Drupal Edit Limit Module Security Bypass Security Issue

June 28th, 2013

Application: Drupal
Affected Version: 7.x-1.x versions prior to 7.x-1.3.
Vendor’s URL: Edit Limit Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 7.x-1.3.

Access Bypass, Content Management

WordPress Frontier Post Plugin Publishing Posts Security Bypass

May 27th, 2013

Application: WordPress
Affected Version: version 1.3.3 and other versions.
Vendor’s URL: Frontier Post Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
The vendor has released a fix. However, the fix is not effective. No official solution is currently available.

Access Bypass, Content Management

WordPress WP Print Friendly Plugin Security Bypass

May 27th, 2013

Application: WordPress
Affected Version: versions prior to 0.5.3.
Vendor’s URL: WP Print Friendly Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 0.5.3.

Access Bypass, Content Management

WordPress open-flash-chart-core Plugin Open Flash Chart Arbitrary File Creation

May 27th, 2013

Application: WordPress
Affected Version: versions prior to 0.5.
Vendor’s URL: open-flash-chart-core Plugin
Bug Type: Access Bypass
Risk Level: Critical

Solution:
Update to version 0.5.

Access Bypass, Content Management

MediaWiki Two XML External Entities Vulnerabilities

April 26th, 2013

Application: MediaWiki
Affected Version: versions prior to 1.20.4 and 1.19.5.
Vendor’s URL: MediaWiki
Bug Type: System Access
Risk Level: Critical

Solution:
Update to version 1.20.4 or 1.19.5.

Access Bypass, Content Management

WordPress LeagueManager Plugin Security Bypass and SQL Injection

March 28th, 2013

Application: WordPress
Affected Version: version 3.8 and prior versions.
Vendor’s URL: LeagueManager Plugin
Bug Type: Security Bypass and SQL Injection
Risk Level: Critical

Solution:
Update to version 3.8.1.

Access Bypass, Content Management, SQL Injection

WordPress MailUp Plugin Ajax Functions Security Bypass

March 28th, 2013

Application: WordPress
Affected Version: version 1.3.2 and other versions.
Vendor’s URL: MailUp Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 1.3.3.

Access Bypass, Content Management

WordPress Comment Rating Plugin Security Bypass Weakness and SQL Injection

March 28th, 2013

Application: WordPress
Affected Version: version 2.9.32 and other versions.
Vendor’s URL: Comment Rating Plugin
Bug Type: Security Bypass & SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management, SQL Injection

CubeCart “unserialize()” Configuration Manipulation Vulnerability

February 26th, 2013

Application: CubeCart
Affected Version: version 5.2.0 and prior versions.
Vendor’s URL: CubeCart
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 5.2.1.

Access Bypass, E-Commerce

WordPress Portable phpMyAdmin Plugin Security Bypass

December 24th, 2012

Application: WordPress
Affected Version: versions prior to 1.3.1.
Vendor’s URL: Portable phpMyAdmin Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 1.3.1.

Access Bypass, Content Management

Joomla! jNews Component Open Flash Chart Arbitrary File Creation

November 26th, 2012

Application: Joomla!
Affected Version: versions prior to 7.9.1.
Vendor’s URL: jNews Component Open Flash Chart
Bug Type: System Bypass
Risk Level: Critical

Solution:
Update to version 7.9.1.

Access Bypass, Content Management

DotNetNuke Multiple Vulnerabilities

November 26th, 2012

Application: DotNetNuke
Affected Version: versions prior to 6.2.5.
Vendor’s URL: DotNetNuke
Bug Type: Security Bypass, Cross Site Scripting
Risk Level:

Solution:
Update to version 6.2.5.

Access Bypass, Content Management, Cross Site Scripting

Drupal User Read-Only Module Security Bypass Security

November 26th, 2012

Application: Drupal
Affected Version: 6.x-1.x versions prior to 6.x-1.4 and 7.x-1.x versions prior to 7.x-1.4.
Vendor’s URL: User Read-Only Module
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to a fixed version.

Access Bypass, Content Management

Moodle Multiple Vulnerabilities

November 26th, 2012

Application: Moodle
Affected Version: versions prior to 2.3.3, 2.2.6, and 2.1.9.
Vendor’s URL: Moodle
Bug Type: Security Bypass, Cross Site Scripting, SQL Injection
Risk Level: Critical

Solution:
Update to version 2.3.3, 2.2.6, or 2.1.9.

Access Bypass, Content Management, Cross Site Scripting, SQL Injection

Plone Multiple Vulnerabilities

November 26th, 2012

Application: Plone
Affected Version: Plone 2.x, 3.x, 4.x.
Vendor’s URL: Plone
Bug Type: Security Bypass, Cross Site Scripting, DOS, Brute force, System Access
Risk Level: Critical

Solution:
Apply patches.

Access Bypass, Content Management, Cross Site Scripting, Denial Of Service

WordPress GRAND FlAGallery Plugin Multiple Vulnerabilities

October 30th, 2012

Application: WordPress
Affected Version: version 2.00 and other versions.
Vendor’s URL: GRAND FlAGallery Plugin
Bug Type: SQL Injection, System Access
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management, SQL Injection

WordPress UnGallery Plugin “search” Arbitrary Command Execution

October 30th, 2012

Application: WordPress
Affected Version: version 2.1.5 and other versions.
Vendor’s URL: UnGallery Plugin
Bug Type: System access
Risk Level: Critical

Solution:
Update to version 2.1.6 or later.

Access Bypass, Content Management

Joomla! MijoFTP Component Unspecified Vulnerability

October 30th, 2012

Application: Joomla!
Affected Version: versions prior to 1.1.0.
Vendor’s URL: MijoFTP Component
Bug Type: System Access
Risk Level: Critical

Solution:
Update to version 1.1.0.

Access Bypass, Content Management

Drupal PDFThumb Module Command Injection

September 30th, 2012

Application: Drupal
Affected Version: versions prior to 7.x-1.1.
Vendor’s URL: PDFThumb Module
Bug Type: System Access
Risk Level: Critical

Solution:
Update to version 7.x-1.1.

Access Bypass, Content Management