Application: Joomla Jumi Component
Affected Version: version 2.0.3 and other versions.
Vendor’s URL: Joomla Jumi Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: MyBB
Affected Version: versions prior to 1.4.8.
Vendor’s URL: MyBB
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 1.4.8.
Cross Site Scripting, Discussion Boards
Application: Drupal
Affected Version: versions prior to version 5.x-1.13 and 6.x-1.2.
Vendor’s URL: Drupal Links Package
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 5.x-1.13 or 6.x-1.2.
http://drupal.org/node/501356
http://drupal.org/node/501360
Content Management, Cross Site Scripting
Application: Zen Cart
Affected Version: version 1.3.8a (full fileset 12112007) and other versions.
Vendor’s URL: Zen Cart
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Apply patch.
http://www.zen-cart.com/forum/attachment.php?attachmentid=5943&d=1245789282
Access Bypass, E-Commerce
Application: Movable Type
Affected Version: versions prior to 4.26.
Vendor’s URL: Movable Type
Bug Type: Security Bypass and Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 4.26 or later.
Access Bypass, Blogs, Cross Site Scripting
Application: MyBB
Affected Version: MyBB 1.4.x versions prior to 1.4.7.
Vendor’s URL: MyBB
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.4.7 or apply patches.
http://www.mybboard.net/downloads
Changed files:
http://mybboard.net/download/103
Manual patch instructions:
http://mybboard.net/download/104
Discussion Boards, SQL Injection
Application: TYPO3
Affected Version: versions prior to 0.1.2.
Vendor’s URL: TYPO3 References Database
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 0.1.2.
http://typo3.org/extensions/repository/view/t3references/0.1.2/
Content Management, SQL Injection
Application: SugarCRM
Affected Version:
Vendor’s URL: SugarCRM Emails Module
Bug Type: File Upload
Risk Level: Critical
Solution:
Update to version 5.2f.
Content Management, File Inclusion
Application: Drupal
Affected Version: versions prior to 6.x-2.6.
Vendor’s URL: Drupal Views Module
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Critical
Solution:
Update to version 6.x-2.6.
http://drupal.org/node/488082
Access Bypass, Content Management, Cross Site Scripting
Application: Drupal
Affected Version: versions prior to 5.x-7.3 and 6.x-1.1.
Vendor’s URL: Drupal Booktree Module
Bug Type: Cross Site Scripting
Risk Level: Low
Solution:
Update to version 5.x-7.3 or 6.x-1.1.
http://drupal.org/node/487812
http://drupal.org/node/487810
Content Management, Cross Site Scripting
Application: Drupal
Affected Version: versions prior to 6.x-1.1 or 5.x-1.2.
Vendor’s URL: Drupal Taxonomy Manager Module
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 6.x-1.1 or 5.x-1.2.
http://drupal.org/node/487602
http://drupal.org/node/487620
Content Management, Cross Site Scripting
Application: Drupal
Affected Version: versions prior to 6.x-0.14.
Vendor’s URL: Drupal Services Module
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 6.x-0.14.
http://drupal.org/node/487784
Access Bypass, Content Management
Application: Joomla! MooFAQ Component
Affected Version:
Vendor’s URL: Joomla! MooFAQ Component
Bug Type: Local File Disclosure
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Content Management, File Inclusion
Application: osCommerce Finnish Bank Payment Module
Affected Version:
Vendor’s URL: osCommerce Finnish Bank Payment Module
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Apply vendor patch.
Access Bypass, E-Commerce
Application: Drupal
Affected Version: all versions of Quiz for Drupal 5.x, Quiz 6.x-2.x prior to 6.x-2.2, and Quiz 6.x-3.x prior to 6.x-3.0.
Vendor’s URL: Drupal Quiz Module
Bug Type: Script Insertion
Risk Level: Medium
Solution:
Update to Quiz 6.x-2.2 or Quiz 6.x-3.0.
http://drupal.org/node/481270
http://drupal.org/node/481274
Content Management, Cross Site Scripting
Application: Joomla!
Affected Version: 1.5.10 and all prior 1.5.x releases.
Vendor’s URL: Joomla!
Bug Type: Script Insertion and Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 1.5.11.
http://www.joomla.org/download.html
Content Management, Cross Site Scripting
Application: osCommerce Luottokunta Module
Affected Version: versions prior to 1.3.
Vendor’s URL: osCommerce Luottokunta Module
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 1.3.
http://addons.oscommerce.com/info/3698
Access Bypass, E-Commerce
Application: Simple Machines Forum
Affected Version: version 1.1.18 and other versions.
Vendor’s URL: Simple Machines Forum
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 1.1.19.
Cross Site Scripting, Discussion Boards
Application: Vanilla
Affected Version: versions prior to 1.0.8.
Vendor’s URL: Vanilla
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 1.0.8.
http://lussumo.com/download.php?Get=Vanilla
Cross Site Scripting, Discussion Boards
Application: Drupal
Affected Version: version 5.x-1.0 and other versions.
Vendor’s URL: Drupal Ajax Session Module
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitised and requests are properly verified.
The Drupal Security Team recommends removing this module.
Content Management, Cross Site Scripting