Drupal Panels Module PHP Code Execution
Application: Drupal
Affected Version: versions prior to 6.x-3.4.
Vendor’s URL: Panels Module
Bug Type: Code Execution
Risk Level: Critical
Solution:
Update to version 6.x-3.4.
Application: Joomla
Affected Version: version 1.1 and other versions.
Vendor’s URL: Camp26 VisitorData Module
Bug Type: Command Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: Drupal
Affected Version: versions prior to 5.x-1.1.
Vendor’s URL: Mime Mail Module
Bug Type: Code Execution
Risk Level: Critical
Solution:
Update to version 5.x-1.1.
http://drupal.org/node/752166
Application: Drupal
Affected Version: versions prior to 6.x-1.1.
Vendor’s URL: Email Input Filter Module
Bug Type: Code Execution
Risk Level: Critical
Solution:
Update to version 6.x-1.1 or later.
Application: Drupal
Affected Version: versions prior to 6.x-1.3 and 5.x-2.6.
Vendor’s URL: Internationalization Module
Bug Type: Code Execution
Risk Level: Critical
Solution:
Internationalization 6.x:
http://drupal.org/node/731590
Internationalization 5.x:
http://drupal.org/node/731586
Application: Drupal
Affected Version: versions prior to 6.x-1.6 and 5.x-1.3.
Vendor’s URL: Graphviz Filter Module
Bug Type: Command Execution
Risk Level: Critical
Solution:
If you use Graphviz Filter 6.x-1.x, upgrade to Graphviz Filter 6.x-1.6.
If you use Graphviz Filter 5.x-1.x, upgrade to Graphviz Filter 5.x-1.3.
Application: WordPress
Affected Version: version 0.9.8 and other versions.
Vendor’s URL: WP-Syntax Plugin
Bug Type: Code Execution
Risk Level: Critical
Solution:
Remove the “wp-syntax/test” directory.
Application: TWiki
Affected Version:
Vendor’s URL: TWiki
Bug Type: Cross Site Scripting and Command Injection
Risk Level: Critical
Solution:
Update to version 4.2.4.
Content Management, Cross Site Scripting, Remote Command Execution
Application: TWiki
Affected Version: versions prior to 4.2.3.
Vendor’s URL: TWiki
Bug Type: Command Execution
Risk Level: Critical
Solution:
Update to version 4.2.3.
Application: PunBB
Affected Version: prior to 1.2.19
Vendor’s URL: PunBB
Bug Type: Command Injection and Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 1.2.19.
http://punbb.informer.com/downloads.php
Cross Site Scripting, Discussion Boards, Remote Command Execution
Application: Drupal
Affected Version: prior to 5.x-1.1
Vendor’s URL: Magic Tabs Module
Bug Type: Code Execution
Risk Level: Critical
Solution:
Update to 5.x-1.1.
http://drupal.org/project/magic_tabs
Application: 1Book
Affected Version: version 1.0.1 and other versions.
Vendor’s URL: http://1scripts.net/php-scripts/index.php?p=16
Bug Type: Code Execution
Risk Level: Critical
Solution:
Update to version 1.0.2.
Application: ITCms
Affected Version: version 1.9 and other versions.
Vendor’s URL: ITCms
Bug Type: Code execution
Risk Level: Critical
Solution:
Restrict access to trusted users only.
Application: KwsPHP
Affected Version: Version 1.3.456 downloaded before 2008-04-16 and other versions.
Vendor’s URL: KwsPHP
Bug Type: File Inclusion and Code Execution
Risk Level: Critical
Solution:
Update to version 1.3.456 downloaded on or after 2008-04-16 and apply official patch.
Application: PacerCMS
Affected Version: 0.6.2 and other versions.
Vendor’s URL: http://pacercms.sourceforge.net/
Bug Type: Remote Code Execution
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Application: Coppermine Photo Gallery
Affected Version: 1.4.14 and other versions.
Vendor’s URL: http://coppermine-gallery.net/
Bug Type: Cross Site Scripting and System Access
Risk Level: Critical
Solution:
Update to version 1.4.15.
Cross Site Scripting, Image Galleries, Remote Command Execution
Application: MyBB
Affected Version: 1.2.10 and prior versions.
Vendor’s URL: http://www.mybboard.net/
Bug Type: System access, SQL Injection
Risk Level: Critical
Solution:
Update to version 1.2.11.
Application: Drupal Meta Tags Module
Affected Version: 5.x-1.6.
Vendor’s URL: http://drupal.org/project/nodewords
Bug Type: System access
Risk Level: Critical
Solution:
Update to version 5.x-1.7.
Application: Xcms
Affected Version: prior to 1.84.
Vendor’s URL: http://www.xcms.it/
Bug Type: Security Bypass, System Access
Risk Level: Critical
Solution:
Update to version 1.84.
Content Management, File Inclusion, Remote Command Execution
Application: SyndeoCMS
Affected Version: SyndeoCMS 2.x
Vendor’s URL: Application site
Bug Type: Access Bypass
Risk Level: Low
Solution:
Update to version 2.5.01.