Exabytes Security Portal

Joomla! Zoom Portfolio Component “id” SQL Injection

TL Guan — Wed, 25 Aug 2010 06:20:41 +0000

Application: Joomla!
Affected Version: version 1.5 and other versions.
Vendor’s URL: Zoom Portfolio Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Joomla JGrid Component File Inclusion and SQL Injection

TL Guan — Wed, 25 Aug 2010 06:19:26 +0000

Application: Joomla
Affected Version: Version 1.0 and other versions.
Vendor’s URL: JGrid Component
Bug Type: File Inclusion and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.1.

Free Simple CMS Remote File Inclusion

TL Guan — Wed, 25 Aug 2010 06:17:28 +0000

Application: Free Simple CMS
Affected Version: version 1.0 and other versions.
Vendor’s URL: Free Simple CMS
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

CMSQLite Arbitrary File Upload and Security Bypass

TL Guan — Wed, 25 Aug 2010 06:15:42 +0000

Application: CMSQLite
Affected Version: version 1.3.1 and other versions.
Vendor’s URL: CMSQLite
Bug Type: File Upload and Security Bypass
Risk Level: Critical

Solution:
Restrict access to the “admin” directory (e.g. via a “.htaccess” file).

Joomla onGallery Component “id” SQLi

TL Guan — Wed, 25 Aug 2010 06:13:51 +0000

Application: Joomla
Affected Version: version 2.0.1 and other versions.
Vendor’s URL: onGallery Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

CMS Source Multiple Vulnerabilities

TL Guan — Wed, 25 Aug 2010 06:09:38 +0000

Application: CMS Source
Affected Version: version 3.0 and other versions.
Vendor’s URL: CMS Source
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitised and verified.

Pligg Multiple SQLi

TL Guan — Wed, 25 Aug 2010 06:07:56 +0000

Application: Pligg
Affected Version: version 1.1.0 and other versions.
Vendor’s URL: Pligg
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.1.1.

Joomla! Teams Component “PlayerID” SQLi

TL Guan — Wed, 25 Aug 2010 06:05:54 +0000

Application: Joomla!
Affected Version: Version 1 and other versions.
Vendor’s URL: Teams Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Joomla! Amblog Component “catid” and “articleid” SQLi

TL Guan — Wed, 25 Aug 2010 05:58:00 +0000

Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: Amblog Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Joomla! cgTestimonial Component Cross-Site Scripting and Arbitrary File Upload

TL Guan — Wed, 25 Aug 2010 05:54:03 +0000

Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: cgTestimonial Component
Bug Type: Cross Site Scripting and File Upload
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised. Restrict access to the components/com_cgtestimonial/user_images directory (e.g. via .htaccess)

WordPress NextGEN Smooth Gallery Plugin “galleryID” SQLi

TL Guan — Wed, 25 Aug 2010 04:12:52 +0000

Application: WordPress
Affected Version: version 1.2 and other versions.
Vendor’s URL: NextGEN Smooth Gallery Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Joomla! Spielothek Component Multiple SQLi

TL Guan — Wed, 25 Aug 2010 04:08:07 +0000

Application: Joomla!
Affected Version: version 1.6.9 and other versions.
Vendor’s URL: Spielothek Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

EasyManage CMS “id” Two SQL Injections

TL Guan — Wed, 25 Aug 2010 04:06:09 +0000

Application: EasyManage CMS
Affected Version:
Vendor’s URL: EasyManage CMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Reportedly a patch has been released. Contact the vendor for further information.

Joomla! TTVideo Component “cid” SQLi

TL Guan — Thu, 29 Jul 2010 08:23:25 +0000

Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: TTVideo Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:

Joomla! IT Armory Component Multiple SQLi

TL Guan — Thu, 29 Jul 2010 08:21:03 +0000

Application: Joomla!
Affected Version: version 0.1.4 and other versions.
Vendor’s URL: IT Armory Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Joomla Frei-Chat Component One Script Insertion

TL Guan — Thu, 29 Jul 2010 08:07:50 +0000

Application: Joomla
Affected Version: versions prior to 2.1.2.
Vendor’s URL: Frei-Chat Component
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 2.1.2.

WordPress myLinksDump Plugin “url” SQLi

TL Guan — Thu, 29 Jul 2010 08:05:50 +0000

Application: WordPress
Affected Version:
Vendor’s URL: myLinksDump Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Joomla InstantPhp Jobs Component “detailed_results” SQLi

TL Guan — Thu, 29 Jul 2010 08:03:03 +0000

Application: Joomla
Affected Version: version 1.3.2 and other versions
Vendor’s URL: InstantPhp Jobs Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.3.3.

CMS Made Simple Download Manager Module Arbitrary File Upload

TL Guan — Thu, 29 Jul 2010 07:53:11 +0000

Application: CMS Made Simple
Affected Version: version 1.4.1 and other versions.
Vendor’s URL: Download Manager Module
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the “modules/DownloadManager/lib/simple-upload/example.php” script (e.g. via .htaccess)

Joomla AutarTimonial Component “limit” SQLi

TL Guan — Thu, 29 Jul 2010 07:47:49 +0000

Application: Joomla
Affected Version: version 1.0.8 and other versions.
Vendor’s URL: AutarTimonial Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

WordPress Simple:Press Plugin “value” SQLi

TL Guan — Thu, 29 Jul 2010 07:42:46 +0000

Application: WordPress
Affected Version: version 4.3.1 and other versions.
Vendor’s URL: Simple:Press Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

WordPress WP-UserOnline Plugin Script Insertion

TL Guan — Thu, 29 Jul 2010 07:39:11 +0000

Application: WordPress
Affected Version: Version 2.62 and other versions
Vendor’s URL: WP-UserOnline Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 2.70 or later.

Joomla BookLibrary From Same Author Module “id” SQLi

TL Guan — Thu, 29 Jul 2010 07:36:03 +0000

Application: Joomla
Affected Version: version 1.5 and other versions.
Vendor’s URL: BookLibrary From Same Author Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.5_2010_06_25.

phpaaCMS “id” SQLi

TL Guan — Thu, 29 Jul 2010 07:21:09 +0000

Application: phpaaCMS
Affected Version: version 0.3.1 UTF-8 and other versions
Vendor’s URL: phpaaCMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Joomla JoomDOC Component File Disclosure

TL Guan — Thu, 29 Jul 2010 07:19:53 +0000

Application: Joomla
Affected Version: version 2.0.2 and other versions
Vendor’s URL: JoomDOC Component
Bug Type: File Disclosure
Risk Level: Medium

Solution:
Restrict access for accounts with “upload” and “edit” permissions to trusted users only.

Joomla CKForms Component Multiple Vulnerabilities

TL Guan — Thu, 29 Jul 2010 07:17:28 +0000

Application: Joomla
Affected Version: version 1.3.4 and other versions
Vendor’s URL: CKForms Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised. Change the “Uploaded files path” setting to a directory outside of the web root.

Joomla BookLibrary Component Multiple SQLi

TL Guan — Thu, 29 Jul 2010 07:15:52 +0000

Application: Joomla
Affected Version: version 1.5.3 Basic and other versions.
Vendor’s URL: BookLibrary Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.5.3_2010_06_20.

Bigforum SQL Injection and Arbitrary File Upload

TL Guan — Thu, 29 Jul 2010 07:14:34 +0000

Application: Bigforum
Affected Version: version 5.2 and other versions.
Vendor’s URL: Bigforum
Bug Type: SQL Injection and Arbitrary File Upload
Risk Level:

Solution:
Edit the source code to ensure that input is properly sanitised. Restrict access to the “images/avatar/” directory (e.g. via .htaccess).

Joomla E-portfolio Component Arbitrary File Upload

TL Guan — Thu, 29 Jul 2010 07:13:15 +0000

Application: Joomla
Affected Version: version 1.5.0 and other versions.
Vendor’s URL: E-portfolio Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Ultimate PHP Board Security Bypass and File Disclosure

TL Guan — Thu, 29 Jul 2010 07:11:57 +0000

Application: Ultimate PHP Board
Affected Version: version 2.2.6 and other versions.
Vendor’s URL: Ultimate PHP Board
Bug Type: Security Bypass and File Disclosure
Risk Level: Medium

Solution:
Restrict access to the admin_restore.php script (e.g. via .htaccess). Edit the source code to ensure that input is properly verified.