I am Alex.

A systems engineer by day who keeps digging for solutions. After work, Alex keeps moving forward, working on whatever interests him: IT, marketing, SEO, servers and walawalawala......
December 09 Security Updates!
Joomla Joaktree Component “treeId” SQLi
Application: Joomla
Affected Version: version 1.0 and others
Vendor’s URL: Joaktree Component
Bug Type: SQL Injection
Risk Level: High
Solution:
Edit the source code to ensure that input is properly sanitised.
WordPress Google Analytics Plugin XSS
Application: WordPress
Affected Version: version 3.2.4 and other versions
Vendor’s URL: Google Analytics Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 3.2.5.
Zen Cart “url” Local File Inclusion
Application: Zen Cart
Affected Version: version 1.3.8a (full fileset 12112007) and other versions
Vendor’s URL: Zen Cart
Bug Type: File Inclusion
Risk Level: Critical
Solution:
The vendor recommends deleting the “extras” folder from the webroot.
Invision Power Board Script Insertion and SQLi
Application: Invision Power Board
Affected Version: version 2.3.6 and other versions.
Vendor’s URL: Invision Power Board
Bug Type: Script Insertion and SQL Injection
Risk Level: Medium
Solution:
Upgrade to version 3.0.5 or later.
WP-Forum Multiple SQLi
Application: WP-Forum
Affected Version: versions 2.3 and 2.4 and other versions.
Vendor’s URL: WP-Forum
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Joomla JoomPortfolio Component “secid” SQLi
Application: Joomla
Affected Version: version 1.0.0 and other versions.
Vendor’s URL: JoomPortfolio Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Joomla JEEMA Article Collection Component “catid” SQLi
Application: Joomla
Affected Version: version 1.0.0.1 and other versions.
Vendor’s URL: JEEMA Article Collection Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
WordPress Woopra Analytics Plugin Arbitrary File Creation
Application: WordPress
Affected Version:
Vendor’s URL: Woopra Analytics Plugin
Bug Type: System Access
Risk Level: Critical
Solution:
Update to version 1.4.3.2.
Remove ofc_upload_image.php file from the Open Flash Chart directory.