Archive for the ‘Information Disclosure’ Category

WordPress UnGallery Plugin “pic”, “zip”, and “movie” File Disclosure

August 24th, 2011

Application: WordPress
Affected Version: version 1.5.8 and prior versions.
Vendor’s URL: UnGallery Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 1.5.9.

Blogs, Information Disclosure

MyBB Information Disclosure and SQL Injection

April 27th, 2011

Application: MyBB
Affected Version: version 1.6.2 and version 1.4.15 and other versions.
Vendor’s URL: MyBB
Bug Type: Information Disclosure and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.6.3 or 1.4.16.

Discussion Boards, Information Disclosure, SQL Injection

WordPress WP Custom Pages “url” File Disclosure

April 27th, 2011

Application: WordPress
Affected Version: version 0.5.0.1 and other versions.
Vendor’s URL: WP Custom Pages
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, Information Disclosure

WordPress jQuery Mega Menu Widget Plugin “skin” File Disclosure

March 28th, 2011

Application: WordPress
Affected Version: version 1.0 and other versions.
Vendor’s URL: jQuery Mega Menu Widget Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management, Information Disclosure

WordPress OPS Old Post Spinner Plugin “ops_file” File Disclosure

March 28th, 2011

Application: WordPress
Affected Version: version 2.2.1 and other versions.
Vendor’s URL: OPS Old Post Spinner Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, Information Disclosure

WordPress WP Publication Archive Plugin “file” Information Disclosure

January 28th, 2011

Application: WordPress
Affected Version: version 2.0.1 and other versions.
Vendor’s URL: WP Publication Archive Plugin
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, Information Disclosure

Joomla! Joomla Captcha Plugin “lng” Information Disclosure

January 28th, 2011

Application: Joomla!
Affected Version: version 4.5.1
Vendor’s URL: Joomla Captcha Plugin
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, Information Disclosure

ASP.NET Security Vulnerability

September 30th, 2010

Application: ASP.NET
Affected Version: All Microsoft .NET Framework versions.
Vendor’s URL: Microsoft .NET Framework
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Apply the update via Windows Update, or download the patch:
http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx

Information Disclosure

Joomla! PicSell Component “dflink” File Disclosure

September 30th, 2010

Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: PicSell Component
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, Information Disclosure

Joomla JoomDOC Component File Disclosure

July 29th, 2010

Application: Joomla
Affected Version: version 2.0.2 and other versions
Vendor’s URL: JoomDOC Component
Bug Type: File Disclosure
Risk Level: Medium

Solution:
Restrict access for accounts with “upload” and “edit” permissions to trusted users only.

Content Management, Information Disclosure

Ultimate PHP Board Security Bypass and File Disclosure

July 29th, 2010

Application: Ultimate PHP Board
Affected Version: version 2.2.6 and other versions.
Vendor’s URL: Ultimate PHP Board
Bug Type: Security Bypass and File Disclosure
Risk Level: Medium

Solution:
Restrict access to the admin_restore.php script (e.g. via .htaccess). Edit the source code to ensure that input is properly verified.

Access Bypass, Discussion Boards, Information Disclosure

Invision Power Board Image Disclosure

May 26th, 2010

Application: Invision Power Board
Affected Version: version 3.0.5
Vendor’s URL: Invision Power Board
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Apply the patch.

Discussion Boards, Information Disclosure

Joomla AllVideos Plugin “file” Information Disclosure

February 23rd, 2010

Application: Joomla
Affected Version: version 3.1
Vendor’s URL: AllVideos Plugin
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Update to version 3.3 or later.

Content Management, Information Disclosure

Joomla! Information Disclosure and File Upload

July 29th, 2009

Application: Joomla!
Affected Version: version 1.5.1 and other versions.
Vendor’s URL: Joomla!
Bug Type: Information Disclosure and File Upload
Risk Level: Critical

Solution:
Update to version 1.5.13.

Content Management, File Inclusion, Information Disclosure

Joomla! Cross-Site Scripting and Information Disclosure

July 29th, 2009

Application: Joomla!
Affected Version: versions prior to 1.5.12.
Vendor’s URL: Joomla!
Bug Type: Cross-Site Scripting and Information Disclosure
Risk Level: Medium

Solution:
Update to version 1.5.13.

Content Management, Cross Site Scripting, Information Disclosure

Drupal Script Insertion and Information Disclosure

May 22nd, 2009

Application: Drupal
Affected Version: prior to version 5.17 and Drupal 6.x prior to version 6.11.
Vendor’s URL: Drupal
Bug Type: Cross Site Scripting and Information Disclosure
Risk Level: Medium

Solution:
Update to Drupal 6.11 or Drupal 5.17, or apply the patches.

http://ftp.drupal.org/files/projects/drupal-6.11.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz

http://drupal.org/files/sa-core-2009-005/SA-CORE-2009-005-6.10.patch
http://drupal.org/files/sa-core-2009-005/SA-CORE-2009-005-5.16.patch

Content Management, Cross Site Scripting, Information Disclosure

Joomla! “X_CMS_LIBRARY_PATH” Directory Traversal

January 19th, 2009

Application: Joomla
Affected Version: version 1.5.8 and other versions.
Vendor’s URL: Joomla
Bug Type: Directory Traversal
Risk Level: Medium

Solution:
Update to version 1.5.9.

Content Management, Information Disclosure

Simple Machines Forum Multiple Vulnerabilities

November 24th, 2008

Application: Simple Machines Forum
Affected Version: version 1.1.6 and other versions.
Vendor’s URL: Simple Machines Forum
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 1.0.15 or 1.1.7.

Cross Site Scripting, Discussion Boards, Information Disclosure

PHP-Nuke BookCatalog Module “catid” SQLi

November 24th, 2008

Application: PHP-Nuke
Affected Version: -
Vendor’s URL: BookCatalog Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Information Disclosure

Joomla RWCards Component “img” File Disclosure

November 24th, 2008

Application: Joomla
Affected Version: version 3.0.11 and other versions.
Vendor’s URL: RWCards Component
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Information Disclosure