Exabytes Security Portal

Exabytes Security Portal http://security.exabytes.com Exabytes Security Portal Mon, 05 May 2008 00:11:28 +0000 http://backend.userland.com/rss092 en eGroupWare File Upload Application: eGroupWare Affected Version: prior to 1.4.004. Vendor’s URL: eGroupWare Bug Type: File Inclusion Risk Level: Critical Solution: Update to version 1.4.004. http://security.exabytes.com/2008/04/egroupware-file-upload.html Joomla Jom Comment Component Unspecified SQL Injection Application: Joomla Jom Comment Component Affected Version: version 2.0 and other versions. Vendor’s URL: Joomla Jom Comment Component Bug Type: SQL Injection Risk Level: Critical Solution: Update to version 2.2. http://security.exabytes.com/2008/04/joomla-jom-comment-component-unspecified-sql-injection.html WordPress WP-Download Plugin SQL Injection Application: WordPress WP-Download Plugin Affected Version: 1.2 and other versions. Vendor’s URL: WordPress WP-Download Plugin Bug Type: SQL Injection Risk Level: Critical Solution: Update to version 1.2.1. http://security.exabytes.com/2008/04/wordpress-wp-download-plugin-sql-injection.html AuraCMS SQL Injection Application: AuraCMS Affected Version: 2.2.1 and other versions. Vendor’s URL: AuraCMS Bug Type: SQL Injection Risk Level: Critical Solution: Edit the source code to ensure that input is properly sanitized. http://security.exabytes.com/2008/04/auracms-sql-injection.html Simple Gallery XSS Application: Simple Gallery Affected Version: 2.2 and other versions. Vendor’s URL: Simple Gallery Bug Type: Cross Site Scripting Risk Level: Medium Solution: Edit the source code to ensure that input is properly sanitized. http://security.exabytes.com/2008/04/simple-gallery-xss.html Drupal Webform Module Unspecified Script Insertion Application: Drupal Webform Module Affected Version: prior to version 5.x-1.10. Vendor’s URL: Drupal Webform Module Bug Type: Script Insertion Risk Level: Critical Solution: Update to version 5.x-1.10. http://security.exabytes.com/2008/04/drupal-webform-module-unspecified-script-insertion.html PHP Photo Gallery SQL Injection Application: PHP Photo Gallery Affected Version: Vendor’s URL: PHP Photo Gallery Bug Type: SQL Injection Risk Level: Critical Solution: Edit the source code to ensure that input is properly sanitized. http://security.exabytes.com/2008/04/php-photo-gallery-sql-injection.html Wikepage Information Disclosure Application: Wikepage Affected Version: version Opus 13 2007.2 and other versions. Vendor’s URL: Wikepage Bug Type: Information Disclosure Risk Level: Medium Solution: Edit the source code to ensure that input is properly sanitized. http://security.exabytes.com/2008/04/wikepage-information-disclosure.html Drupal Menu System Security Bypass Application: Drupal Menu System Affected Version: 6.2 and prior versions. Vendor’s URL: Drupal Menu System Bug Type: Security Bypass Risk Level: Critical Solution: Update to Drupal 6.2 or apply patch. http://security.exabytes.com/2008/04/drupal-menu-system-security-bypass.html Gallery Script Lite Information Disclosure Application: Gallery Script Lite Affected Version: Vendor’s URL: Gallery Script Lite Bug Type: Information Disclosure Risk Level: Critical Solution: Edit the source code to ensure that input is properly sanitized. http://security.exabytes.com/2008/04/gallery-script-lite-information-disclosure.html KnowledgeQuest SQL Injection and Security Bypass Application: KnowledgeQuest Affected Version: 2.6 and other versions. Vendor’s URL: KnowledgeQuest Bug Type: Security Bypass Risk Level: Critical Solution: Edit the source code to ensure that input is properly sanitized. Restrict access to the admincheck.php http://security.exabytes.com/2008/04/knowledgequest-sql-injection-and-security-bypass.html Drupal Simple Access Module Security Bypass Application: Drupal Simple Access Module Affected Version: 5.x-1.2-2 and prior versions. Vendor’s URL: Drupal Simple Access Module Bug Type: Access bypass Risk Level: Critical Solution: Update to version 5.x-1.3. http://security.exabytes.com/2008/04/drupal-simple-access-module-security-bypass.html LiveCart SQL Injection Vulnerability Application: LiveCart Affected Version: 1.1.1 trial version and other versions. Vendor’s URL: LiveCart Bug Type: SQL Injection Risk Level: Critical Solution: Edit the source code to ensure that input is properly sanitized. http://security.exabytes.com/2008/04/livecart-sql-injection-vulnerability.html KwsPHP ConcoursPhoto Module SQL Injection Application: KwsPHP ConcoursPhoto Module Affected Version: 2.0 and prior version. Vendor’s URL: KwsPHP ConcoursPhoto Module Bug Type: SQL Injection Risk Level: Critical Solution: Update to version 2.1. http://security.exabytes.com/2008/04/kwsphp-concoursphoto-module-sql-injection.html Coppermine Photo Gallery SQL Injection Application: Coppermine Photo Gallery Affected Version: 1.4.16 and other versions. Vendor’s URL: Coppermine Photo Gallery Bug Type: SQL Injection Risk Level: Critical Solution: Update to version 1.4.17. http://security.exabytes.com/2008/04/coppermine-photo-gallery-sql-injection-2.html NewsOffice File Inclusion Vulnerability Application: NewsOffice Affected Version: 1.1 and prior versions. Vendor’s URL: NewsOffice Bug Type: File Inclusion Risk Level: Critical Solution: Update to version 1.1.1. http://security.exabytes.com/2008/04/newsoffice-file-inclusion-vulnerability.html phpkb Knowledge Base SQL Injection Application: phpkb Knowledge Base Affected Version: 1.5 and 2.0 and other versions. Vendor’s URL: phpkb Knowledge Base Bug Type: SQL Injection Risk Level: Critical Solution: Edit the source code to ensure that input is properly sanitized. http://security.exabytes.com/2008/04/phpkb-knowledge-base-sql-injection.html 1024 CMS SQL Injection and File Inclusion Application: 1024 CMS Affected Version: 1.4.1 and other versions. Vendor’s URL: 1024 CMS Bug Type: SQL Injection, File Inclusion Risk Level: Critical Solution: Edit the source code to ensure that input is properly sanitized and verified. http://security.exabytes.com/2008/04/1024-cms-sql-injection-and-file-inclusion.html cpCommerce Multiple Vulnerabilities Application: cpCommerce Affected Version: 1.1.0 and other versions. Vendor’s URL: cpCommerce Bug Type: Cross Site Scripting and SQL injection Risk Level: Critical Solution: Edit the source code to ensure that input is properly sanitized and verified. http://security.exabytes.com/2008/04/cpcommerce-multiple-vulnerabilities.html Coppermine Photo Gallery SQL Injection Application: Coppermine Photo Gallery Affected Version: 1.4.17 and other versions. Vendor’s URL: Coppermine Photo Gallery Bug Type: SQL Injection Risk Level: Critical Solution: Update to version 1.4.18. http://security.exabytes.com/2008/04/coppermine-photo-gallery-sql-injection.html phpBB Security Bypass Vulnerabilities Application: phpBB Affected Version: 3.0.0. Vendor’s URL: phpBB Bug Type: Access Bypass Risk Level: Critical Solution: Update to version 3.0.1. http://security.exabytes.com/2008/04/phpbb-security-bypass-vulnerabilities.html OSI Affiliate XSS Application: OSI Affiliate Affected Version: Vendor’s URL: OSI Affiliate Bug Type: Cross Site Scripting Risk Level: Medium Solution: Edit the source code to ensure that input is properly sanitized. http://security.exabytes.com/2008/04/osi-affiliate-xss.html CubeCart Two XSS Application: CubeCart Affected Version: 4.2.1 and other versions. Vendor’s URL: CubeCart Bug Type: Cross Site Scripting Risk Level: Medium Solution: Edit the source code to ensure that input is properly sanitized. http://security.exabytes.com/2008/04/cubecart-two-xss.html RunCMS Photo Module SQL Injection Application: RunCMS Photo Module Affected Version: 3.02 and other versions. Vendor’s URL: RunCMS Photo Module Bug Type: SQL Injection Risk Level: Critical Solution: Edit the source code to ensure that input is properly sanitized. http://security.exabytes.com/2008/04/runcms-photo-module-sql-injection.html e107 my_gallery Plugin Information Disclosure Application: e107 my_gallery Plugin Affected Version: 2.3 and other versions. Vendor’s URL: e107 my_gallery Bug Type: Information Disclosure Risk Level: Critical Solution: Edit the source code to ensure that input is properly sanitized. http://security.exabytes.com/2008/04/e107-my_gallery-plugin-information-disclosure.html Photo Cart “amessage” XSS Application: Photo Cart Affected Version: 4.1 and other versions. Vendor’s URL: Photo Cart Bug Type: Cross Site Scripting Risk Level: Medium Solution: Apply patch. http://www.picturespro.com/sp/ http://security.exabytes.com/2008/04/photo-cart-amessage-xss.html Joomla rekry!Joom Component SQL Injection Application: Joomla rekry!Joom Component Affected Version: 1.0.0 and other versions. Vendor’s URL: Joomla rekry!Joom Component Bug Type: SQL Injection Risk Level: Critical Solution: Edit the source code to ensure that input is properly sanitized. http://security.exabytes.com/2008/04/joomla-rekryjoom-component-sql-injection.html Joomla Custompages Component File Inclusion Application: Joomla Affected Version: 1.1 and other versions. Vendor’s URL: Joomla Custompages Component Bug Type: access bypass, file inclusion Risk Level: Critical Solution: Edit the source code to ensure that input is properly verified. http://security.exabytes.com/2008/04/joomla-custompages-component-file-inclusion.html DotNetNuke Multiple Vulnerabilities Application: DotNetNuke Affected Version: version prior to 4.8.2. Vendor’s URL: http://www.dotnetnuke.com/ Bug Type: Privilege escalation, access bypass Risk Level: Critical Solution: Update to version 4.8.2. http://www.dotnetnuke.com/tabid/125/default.aspx http://security.exabytes.com/2008/04/dotnetnuke-multiple-vulnerabilities.html phpAddressBook Multiple Vulnerabilities Application: phpAddressBook Affected Version: 2.11 and other versions. Vendor’s URL: phpAddressBook Bug Type: Cross Site Scripting and file inclusion Risk Level: Critical Solution: Edit the source code to ensure that input is properly verified and sanitized. http://security.exabytes.com/2008/04/phpaddressbook-multiple-vulnerabilities.html