
Archive for the ‘Remote Command Execution’ Category

Drupal Panels Module PHP Code Execution

May 26th, 2010

Application: Drupal
Affected Version: versions prior to 6.x-3.4.
Vendor’s URL: Panels Module
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to version 6.x-3.4.

Content Management, Remote Command Execution

Joomla Camp26 VisitorData Module Shell Command Injection

May 26th, 2010

Application: Joomla
Affected Version: version 1.1 and other versions.
Vendor’s URL: Camp26 VisitorData Module
Bug Type: Command Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Remote Command Execution

Drupal Mime Mail Module Arbitrary Code Execution

March 26th, 2010

Application: Drupal
Affected Version: versions prior to 5.x-1.1.
Vendor’s URL: Mime Mail Module
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to version 5.x-1.1.
http://drupal.org/node/752166

Content Management, Remote Command Execution

Drupal Email Input Filter Module PHP Code Execution

March 26th, 2010

Application: Drupal
Affected Version: versions prior to 6.x-1.1.
Vendor’s URL: Email Input Filter Module
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to version 6.x-1.1 or later.

Content Management, Remote Command Execution

Drupal Internationalization Module Arbitrary Code Execution

March 26th, 2010

Application: Drupal
Affected Version: versions prior to 6.x-1.3 and 5.x-2.6.
Vendor’s URL: Internationalization Module
Bug Type: Code Execution
Risk Level: Critical

Solution:
Internationalization 6.x:
http://drupal.org/node/731590

Internationalization 5.x:
http://drupal.org/node/731586

Content Management, Remote Command Execution

Drupal Graphviz Filter Module Arbitrary Command Execution

February 23rd, 2010

Application: Drupal
Affected Version: versions prior to 6.x-1.6 and 5.x-1.3.
Vendor’s URL: Graphviz Filter Module
Bug Type: Command Execution
Risk Level: Critical

Solution:
If you use Graphviz Filter 6.x-1.x, upgrade to Graphviz Filter 6.x-1.6.
If you use Graphviz Filter 5.x-1.x, upgrade to Graphviz Filter 5.x-1.3.

Content Management, Remote Command Execution

WordPress WP-Syntax Plugin Code Execution

September 23rd, 2009

Application: WordPress
Affected Version: version 0.9.8 and other versions.
Vendor’s URL: WP-Syntax Plugin
Bug Type: Code Execution
Risk Level: Critical

Solution:
Remove the “wp-syntax/test” directory.

Content Management, Remote Command Execution

TWiki Cross-Site Scripting and Command Injection

December 24th, 2008

Application: TWiki
Affected Version:
Vendor’s URL: TWiki
Bug Type: Cross Site Scripting and Command Injection
Risk Level: Critical

Solution:
Update to version 4.2.4.

Content Management, Cross Site Scripting, Remote Command Execution

TWiki “image” Directory Traversal and Command Execution

October 23rd, 2008

Application: TWiki
Affected Version: versions prior to 4.2.3.
Vendor’s URL: TWiki
Bug Type: Command Execution
Risk Level: Critical

Solution:
Update to version 4.2.3.

Content Management, Remote Command Execution

PunBB SMTP Command Injection and XSS

August 25th, 2008

Application: PunBB
Affected Version: prior to 1.2.19
Vendor’s URL: PunBB
Bug Type: Command Injection and Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 1.2.19.
http://punbb.informer.com/downloads.php

Cross Site Scripting, Discussion Boards, Remote Command Execution

Drupal Magic Tabs Module Arbitrary PHP Code Execution

June 23rd, 2008

Application: Drupal
Affected Version: prior to 5.x-1.1
Vendor’s URL: Magic Tabs Module
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to 5.x-1.1.
http://drupal.org/project/magic_tabs

Content Management, Remote Command Execution

1Book PHP Code Execution

June 23rd, 2008

Application: 1Book
Affected Version: version 1.0.1 and other versions.
Vendor’s URL: http://1scripts.net/php-scripts/index.php?p=16
Bug Type: Code Execution
Risk Level: Critical

Solution:
Update to version 1.0.2.

Remote Command Execution

ITCms Arbitrary PHP Code Execution

May 21st, 2008

Application: ITCms
Affected Version: version 1.9 and other versions.
Vendor’s URL: ITCms
Bug Type: Code Execution
Risk Level: Critical

Solution:
Restrict access to trusted users only.

Content Management, Remote Command Execution

KwsPHP “action” Local File Inclusion and Code Execution

May 20th, 2008

Application: KwsPHP
Affected Version: Version 1.3.456 downloaded before 2008-04-16 and other versions.
Vendor’s URL: KwsPHP
Bug Type: File Inclusion and Code Execution
Risk Level: Critical

Solution:
Update to version 1.3.456 downloaded on or after 2008-04-16 and apply official patch.

File Inclusion, Remote Command Execution

PacerCMS “last_module” PHP Code Execution

February 22nd, 2008

Application: PacerCMS
Affected Version: 0.6.2 and other versions.
Vendor’s URL: http://pacercms.sourceforge.net/
Bug Type: Remote Code Execution
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Content Management, Remote Command Execution

Coppermine Photo Gallery Multiple Vulnerabilities

February 21st, 2008

Application: Coppermine Photo Gallery
Affected Version: 1.4.14 and other versions.
Vendor’s URL: http://coppermine-gallery.net/
Bug Type: Cross Site Scripting and System Access
Risk Level: Critical

Solution:
Update to version 1.4.15.

Cross Site Scripting, Image Galleries, Remote Command Execution

MyBB PHP Code Execution and SQL Injection

January 22nd, 2008

Application: MyBB
Affected Version: 1.2.10 and prior versions.
Vendor’s URL: http://www.mybboard.net/
Bug Type: System Access, SQL Injection
Risk Level: Critical

Solution:
Update to version 1.2.11.

Discussion Boards, Remote Command Execution, SQL Injection

Drupal Meta Tags Module Code Execution

January 22nd, 2008

Application: Drupal Meta Tags Module
Affected Version: 5.x-1.6.
Vendor’s URL: http://drupal.org/project/nodewords
Bug Type: System Access
Risk Level: Critical

Solution:
Update to version 5.x-1.7.

Content Management, Remote Command Execution

Xcms PHP Code Execution and LFI

January 22nd, 2008

Application: Xcms
Affected Version: prior to 1.84.
Vendor’s URL: http://www.xcms.it/
Bug Type: Security Bypass, System Access
Risk Level: Critical

Solution:
Update to version 1.84.

Content Management, File Inclusion, Remote Command Execution

SyndeoCMS “cmsdir” File Inclusion Vulnerability

November 21st, 2007

Application: SyndeoCMS
Affected Version: SyndeoCMS 2.x
Vendor’s URL: Application site
Bug Type: Access Bypass
Risk Level: Low

Solution:
Update to version 2.5.01.

Access Bypass, Remote Command Execution