Open Source Security Buzz

Open Source Security Buzz http://securityupdates.wordpress.com Recent Known Vulnerabilities Sun, 09 Jan 2011 07:25:55 +0000 en hourly 1 http://wordpress.com/ http://s2.wp.com/i/buttonw-com.png Open Source Security Buzz http://securityupdates.wordpress.com Joomla Joomla!12Pictures Component File Inclusion http://securityupdates.wordpress.com/2007/09/25/joomla-joomla12pictures-component-file-inclusion/ http://securityupdates.wordpress.com/2007/09/25/joomla-joomla12pictures-component-file-inclusion/#comments Tue, 25 Sep 2007 04:09:37 +0000 kakkoi http://securityupdates.wordpress.com/2007/09/28/joomla-joomla12pictures-component-file-inclusion/

Application: Joomla

Affected Version: Joomla!12Pictures 1.x

URL: http://www.renevanasten.net/components.html

Bug Type: Malicious Access

Risk Level: High

Solution: Edit the source code or look for patch file.

]]> http://securityupdates.wordpress.com/2007/09/25/joomla-joomla12pictures-component-file-inclusion/feed/ 0 Neko Kaneko Joomla!FlashFun Component File Inclusion – Joomla 1.0.x http://securityupdates.wordpress.com/2007/09/20/joomlaflashfun-component-file-inclusion-joomla-10x/ http://securityupdates.wordpress.com/2007/09/20/joomlaflashfun-component-file-inclusion-joomla-10x/#comments Thu, 20 Sep 2007 04:31:52 +0000 kakkoi http://securityupdates.wordpress.com/2007/09/20/joomlaflashfun-component-file-inclusion-joomla-10x/

Application: Joomla

Affected Version: Joomla!FlashFun 1.x

URL: http://webscripts.softpedia.com

Bug Type: File Inclusion

Risk Level: High

Solution: Edit the source code & contact to component developer.

]]> http://securityupdates.wordpress.com/2007/09/20/joomlaflashfun-component-file-inclusion-joomla-10x/feed/ 0 Neko Kaneko Joomla Nice Talk Component SQL Injection http://securityupdates.wordpress.com/2007/09/19/joomla-nice-talk-component-sql-injection/ http://securityupdates.wordpress.com/2007/09/19/joomla-nice-talk-component-sql-injection/#comments Wed, 19 Sep 2007 05:40:08 +0000 kakkoi http://securityupdates.wordpress.com/2007/09/19/joomla-nice-talk-component-sql-injection/

Application: Joomla

Affected Version: Nice Talk 0.x.

URL: Nice Talk

Bug Type: SQL Injection Attacks

Risk Level: Critical

Solution: Edit the source code and ensure the input is sanitised.

]]> http://securityupdates.wordpress.com/2007/09/19/joomla-nice-talk-component-sql-injection/feed/ 0 Neko Kaneko Joomla NeoRecruit Component SQL Injection – Joomla 1.0x http://securityupdates.wordpress.com/2007/09/19/joomla-neorecruit-component-sql-injection-joomla-10x/ http://securityupdates.wordpress.com/2007/09/19/joomla-neorecruit-component-sql-injection-joomla-10x/#comments Wed, 19 Sep 2007 05:30:29 +0000 kakkoi http://securityupdates.wordpress.com/2007/09/19/joomla-neorecruit-component-sql-injection-joomla-10x/

Application: Joomla

Affected Version: NeoRecruit 1.x

URL: http://www.neojoomla.com/

Bug Type: SQL Injection Attack

Risk Level: Critical

Solution: Update to version 1.4.1.

]]> http://securityupdates.wordpress.com/2007/09/19/joomla-neorecruit-component-sql-injection-joomla-10x/feed/ 0 Neko Kaneko phpBB Styles Demo Module Multiples Vulnerability http://securityupdates.wordpress.com/2007/09/19/phpbb-styles-demo-module-multiples-vulnerability/ http://securityupdates.wordpress.com/2007/09/19/phpbb-styles-demo-module-multiples-vulnerability/#comments Wed, 19 Sep 2007 05:11:35 +0000 kakkoi http://securityupdates.wordpress.com/2007/09/19/phpbb-styles-demo-module-multiples-vulnerability/

Application: PhpBB

Affected Version: Styles Demo Module 1.x

Vendor’s URL: http://www.phpbb.com/

Bug Type: SQL Injection & Cross Site Scripting

Risk Level: Critical

Solution: Edit the source code & contact to developer.

]]> http://securityupdates.wordpress.com/2007/09/19/phpbb-styles-demo-module-multiples-vulnerability/feed/ 0 Neko Kaneko Invision Power Board Multiple Vulnerabilities – IPB 2.x http://securityupdates.wordpress.com/2007/09/19/invision-power-board-multiple-vulnerabilities/ http://securityupdates.wordpress.com/2007/09/19/invision-power-board-multiple-vulnerabilities/#comments Wed, 19 Sep 2007 04:37:43 +0000 kakkoi http://securityupdates.wordpress.com/2007/09/19/invision-power-board-multiple-vulnerabilities/

Application: Invision Power Board

Affected Version: 2.x

URL: http://www.invisionpower.com/community/board/

Bug Type: Security bypass & Cross site scripting

Risk Level: Medium

Solution: Download the latest version. Apply the patch from vendor by refer instruction given.

]]> http://securityupdates.wordpress.com/2007/09/19/invision-power-board-multiple-vulnerabilities/feed/ 0 Neko Kaneko Coppermine Photo Gallery Remote File Include Vulnerability – YABBSE.INC.PHP http://securityupdates.wordpress.com/2007/08/29/coppermine-photo-gallery-remote-file-include-vulnerability-yabbseincphp/ http://securityupdates.wordpress.com/2007/08/29/coppermine-photo-gallery-remote-file-include-vulnerability-yabbseincphp/#comments Wed, 29 Aug 2007 04:33:28 +0000 kakkoi http://securityupdates.wordpress.com/2007/07/29/coppermine-photo-gallery-remote-file-include-vulnerability-yabbseincphp/

Application Affected :

Coppermine Photo Gallery 1.4
Coppermine Photo Gallery 1.3.4
Coppermine Photo Gallery 1.3.3
Coppermine Photo Gallery 1.3.2
Coppermine Photo Gallery 1.3.1

URL: http://coppermine-gallery.net/

Bug Type: Input Validation

Risk Level: Medium

Solution: The fix will be included in newer version of Coppermine Photo Gallery 1.4.2

]]> http://securityupdates.wordpress.com/2007/08/29/coppermine-photo-gallery-remote-file-include-vulnerability-yabbseincphp/feed/ 0 Neko Kaneko