Joomla Joomla!12Pictures Component File Inclusion

September 25, 2007 in Content Management, File Inclusions, vulnerabilities with Leave a Comment
Tags: Access Bypass, joomla, Joomla 1.0.x

• Application: Joomla
• Affected Version: Joomla!12Pictures 1.x
• URL: http://www.renevanasten.net/components.html
• Bug Type: Malicious Access
• Risk Level: High
• Solution: Edit the source code or look for patch file.

Joomla!FlashFun Component File Inclusion – Joomla 1.0.x

September 20, 2007 in Content Management, File Inclusions with Leave a Comment
Tags: joomla, Joomla 1.0.x

• Application: Joomla
• Affected Version: Joomla!FlashFun 1.x
• URL: http://webscripts.softpedia.com
• Bug Type: File Inclusion
• Risk Level: High
• Solution: Edit the source code & contact to component developer.

Joomla Nice Talk Component SQL Injection

September 19, 2007 in Content Management, SQL Injection with Leave a Comment
Tags: joomla, Joomla 1.0.x

• Application: Joomla
• Affected Version: Nice Talk 0.x.
• URL: Nice Talk
• Bug Type: SQL Injection Attacks
• Risk Level: Critical
• Solution: Edit the source code and ensure the input is sanitised.

Joomla NeoRecruit Component SQL Injection – Joomla 1.0x

September 19, 2007 in Content Management, SQL Injection with Leave a Comment
Tags: joomla, Joomla 1.0.x

• Application: Joomla
• Affected Version: NeoRecruit 1.x
• URL: http://www.neojoomla.com/
• Bug Type: SQL Injection Attack
• Risk Level: Critical
• Solution: Update to version 1.4.1.

phpBB Styles Demo Module Multiples Vulnerability

September 19, 2007 in Cross Site SCripting, Discussion Boards, SQL Injection with Leave a Comment
Tags: PhpBB, SQL, XSS

• Application: PhpBB
• Affected Version: Styles Demo Module 1.x
• Vendor’s URL: http://www.phpbb.com/
• Bug Type: SQL Injection & Cross Site Scripting
• Risk Level: Critical
• Solution: Edit the source code & contact to developer.

Invision Power Board Multiple Vulnerabilities – IPB 2.x

September 19, 2007 in Cross Site SCripting, Discussion Boards with Leave a Comment
Tags: Access Bypass, invision power board, IPB 2.x

• Application: Invision Power Board
• Affected Version: 2.x
• URL: http://www.invisionpower.com/community/board/
• Bug Type: Security bypass & Cross site scripting
• Risk Level: Medium
• Solution: Download the latest version. Apply the patch from vendor by refer instruction given.

Coppermine Photo Gallery Remote File Include Vulnerability – YABBSE.INC.PHP

August 29, 2007 in File Inclusions, Image Galleries, vulnerabilities with Leave a Comment
Tags: Coppermine Gallery

• Application Affected :
  • Coppermine Photo Gallery 1.4
  • Coppermine Photo Gallery 1.3.4
  • Coppermine Photo Gallery 1.3.3
  • Coppermine Photo Gallery 1.3.2
  • Coppermine Photo Gallery 1.3.1
• URL: http://coppermine-gallery.net/
• Bug Type: Input Validation
• Risk Level: Medium
• Solution: The fix will be included in newer version of Coppermine Photo Gallery 1.4.2