Archive for the ‘Information Disclosure’ Category

Drupal Revisioning Information Disclosure Security Issue

April 29th, 2014

Application: Drupal
Affected Version: version 7.x-1.7.
Vendor’s URL: Drupal Revisioning
Bug Type: Information Disclosure
Risk Level:

Solution:
Update to version 7.x-1.8.

Content Management, Information Disclosure

WordPress Linenity Theme “imgurl” Arbitrary File Disclosure

April 29th, 2014

Application: WordPress
Affected Version: version 1.2.0 and other versions.
Vendor’s URL: Linenity Theme
Bug Type: File Disclosure
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Information Disclosure

WordPress Search ‘N Save Plugin Path Disclosure and Cross-Site Scripting Vulnerabilities

July 29th, 2013

Application: WordPress
Affected Version:
Vendor’s URL: Search ‘N Save Plugin
Bug Type: Path Disclosure and Cross-Site Scripting
Risk Level: Medium

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting, Information Disclosure

WordPress Multiple Vulnerabilities

June 28th, 2013

Application: WordPress
Affected Version: version 3.5.1 and prior versions.
Vendor’s URL: WordPress
Bug Type: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, DoS
Risk Level: Critical

Solution:
Update to version 3.5.2.

Access Bypass, Content Management, Cross Site Scripting, Information Disclosure

Joomla! Multiple Information Disclosure Vulnerabilities

February 26th, 2013

Application: Joomla!
Affected Version: 3.0.x versions prior to 3.0.3.
Vendor’s URL: Joomla!
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Update to version 2.5.9 or 3.0.3.

Content Management, Information Disclosure

JSUpload “writeItemContent()” Arbitrary File Disclosure Vulnerability

December 24th, 2012

Application: JSUpload
Affected Version: versions prior to 0.6.5.
Vendor’s URL: JSUpload
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 0.6.5.

Information Disclosure

WordPress Cimy User Manager Plugin “cimy_um_filename” Arbitrary File Disclosure

October 30th, 2012

Application: WordPress
Affected Version: version 1.4.2 and other versions.
Vendor’s URL: Cimy User Manager Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Information Disclosure

WordPress Download Shortcode Plugin “file” Arbitrary File Disclosure

October 30th, 2012

Application: WordPress
Affected Version: version 0.1.
Vendor’s URL: Download Shortcode Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 0.2.1.

Content Management, Information Disclosure

WordPress eShop Magic Plugin “file” Arbitrary File Disclosure Vulnerability

October 30th, 2012

Application: WordPress
Affected Version: version 0.1.
Vendor’s URL: eShop Magic Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 0.2.

Content Management, Information Disclosure

WordPress Vitamin Plugin Two Arbitrary File Disclosure

August 30th, 2012

Application: WordPress
Affected Version: version 1.0.
Vendor’s URL: Vitamin Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management, Information Disclosure

WordPress Backup Plugin Backup Disclosure

July 26th, 2012

Application: WordPress
Affected Version: versions prior to 2.1.
Vendor’s URL: Backup Plugin
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Update to version 2.1.

Content Management, Information Disclosure

WordPress Google Maps Via Store Locator Plus Plugin Path Disclosure and SQL Injection

June 30th, 2012

Application: WordPress
Affected Version: version 3.0.1 and other versions.
Vendor’s URL: Google Maps Via Store Locator Plus Plugin
Bug Type: SQL Injection & Path Disclosure
Risk Level: Critical

Solution:
Restrict access to the wp-content/plugins/store-locator-le/core/load_wp_config.php file (e.g. via .htaccess). Edit the source code to ensure that input is properly sanitised.

Content Management, Information Disclosure, SQL Injection

WordPress Simple Download Button Shortcode Plugin Arbitrary File Disclosure

June 30th, 2012

Application: WordPress
Affected Version: version 1.0 and other versions.
Vendor’s URL: Simple Download Button Shortcode Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, Information Disclosure

WordPress Easy Contact Forms Export Plugin File Disclosure

June 30th, 2012

Application: WordPress
Affected Version: version 1.1.0 and other versions.
Vendor’s URL: Easy Contact Forms Export Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, Information Disclosure

Drupal Linkit Module Information Disclosure Security Issue

April 30th, 2012

Application: Drupal
Affected Version: versions prior to 7.x-2.2.
Vendor’s URL: Linkit Module
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Update to version 7.x-2.3.

Content Management, Information Disclosure

WordPress myEASYbackup Plugin “dwn_file” File Disclosure

February 1st, 2012

Application: WordPress
Affected Version: version 1.0.8.1 and other versions.
Vendor’s URL: myEASYbackup Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 1.0.9.

Content Management, Information Disclosure

WordPress Count Per Day Plugin Cross-Site Scripting and File Disclosure

February 1st, 2012

Application: WordPress
Affected Version: version 3.1 and prior versions.
Vendor’s URL: Count Per Day Plugin
Bug Type: Cross-Site Scripting and File Disclosure
Risk Level: Critical

Solution:
Update to version 3.1.1.

Content Management, Cross Site Scripting, Information Disclosure

WordPress Mailing List Plugin Arbitrary File Download

December 29th, 2011

Application: WordPress
Affected Version: version 1.4.1 and prior versions.
Vendor’s URL: Mailing List Plugin
Bug Type: File Download
Risk Level: Critical

Solution:
Update to version 1.4.2.

Content Management, Information Disclosure

WordPress Filedownload Plugin “path” File Disclosure

September 30th, 2011

Application: WordPress
Affected Version: version 0.1 and other versions.
Vendor’s URL: Filedownload Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, Information Disclosure

WordPress s2Member Plugin “s2member_file_download” File Disclosure

September 29th, 2011

Application: WordPress
Affected Version: versions prior to 110812.
Vendor’s URL: s2Member Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 110812 or later.

Content Management, Information Disclosure