2015-03 CMS vulnerabilities

Number of vulnerabilities detected during March 2015

Source: OSVDB

See the full list ...

DRUPAL - JOOMLA - WORDPRESS

DRUPAL

ID DATE TITLE
119969 25/03/2015 Petition Module for Drupal Unspecified Administration Pages XSS
119970 25/03/2015 Crumbs Module for Drupal Custom HTML Separator Handling XSS
119971 25/03/2015 Webform Multiple File Upload Module for Drupal File Deletion CSRF
119954 25/03/2015 Linear Case Module for Drupal Unspecified XSS
119955 25/03/2015 Invoice Module for Drupal Invoice Manipulation CSRF
119957 25/03/2015 Decisions Module for Drupal Individual Note Removal CSRF
119958 25/03/2015 Ubercart Webform Checkout Pane Module for Drupal Unspecified XSS
119956 25/03/2015 Invoice Module for Drupal Unspecified XSS
119750 18/03/2015 Webform Module for Drupal Component Name Handling XSS
119751 18/03/2015 Chaos tool suite (ctools) Module for Drupal Autocomplete Remote Entity Title Disclosure
119767 18/03/2015 Profile2 Privacy Module for Drupal Unspecified XSS
119763 18/03/2015 Drupal Core Password Reset URL Forgery Unauthorized Password Reset
119762 18/03/2015 Drupal Core destination Parameter Open Redirect Weakness
119749 18/03/2015 Chaos tool suite (ctools) Module for Drupal Confirmation Page Deletion Open Redirect Weakness
119478 11/03/2015 Site Documentation (Sitedoc) Module for Drupal Unspecified XSS
119540 11/03/2015 Perfecto Module for Drupal Unspecified Open Redirect Weakness
119507 11/03/2015 Image Title Module for Drupal Node Text Handling Stored XSS
119473 11/03/2015 OG tabs Module for Drupal Unspecified XSS
119204 04/03/2015 Webform Module for Drupal Webform Results Table XSS
119208 04/03/2015 Ubercart Discount Coupons Module for Drupal Unspecified Administration Pages XSS
119209 04/03/2015 Registration Codes Module for Drupal Unspecified XSS
119211 04/03/2015 Tracking Code Module for Drupal Tracking Code Disable CSRF
119212 04/03/2015 Finder Module for Drupal finder_form_goto() Function Open Redirect Weakness
119213 04/03/2015 Campaign Monitor Module for Drupal List Subscription Manipulation CSRF
119214 04/03/2015 Taxonomy Accordion Module for Drupal Unspecified XSS
119215 04/03/2015 Mover Module for Drupal Unspecified XSS
119216 04/03/2015 Simple Subscription Module for Drupal Block Content Handling XSS
119217 04/03/2015 Commerce Ogone Module for Drupal Unspecified Remote Checkout Bypass
119218 04/03/2015 Trick Question Module for Drupal Unspecified XSS Weakness
119206 04/03/2015 Webform Module for Drupal Webform Node Title XSS
119210 04/03/2015 Registration Codes Module for Drupal Rule Deletion CSRF

JOOMLA

ID DATE TITLE
120066 30/03/2015 Gallery WD Component for Joomla! (com_gallery_wd) index.php Multiple Parameter SQL Injection
120067 30/03/2015 Contact Form Maker Component for Joomla! (contact-form-maker) /index.php id Parameter SQL Injection
119902 24/03/2015 Spider Random Article Component for Joomla! index.php Multiple Parameter SQL Injection
119910 23/03/2015 Spider FAQ Component for Joomla! /index.php Multiple Parameter SQL Injection
119771 18/03/2015 Ecommerce WD Extension for Joomla! /index.php Multiple Parameter SQL Injection
119624 16/03/2015 Simple Photo Gallery Extension for Joomla! /administrator/components/com_simplephotogallery/lib/uploadFile.php File Upload Remote Code Execution
119627 16/03/2015 Simple Photo Gallery Extension for Joomla! /index.php albumid Parameter SQL Injection
119100 03/03/2015 VirtueMart Component for Joomla! Realex / Heidelpay Payment Components Unspecified Reflected XSS
119099 03/03/2015 VirtueMart Component for Joomla! /index.php/search keyword Parameter XSS
119098 03/03/2015 VirtueMart Component for Joomla! Multiple Parameter XSS

WORDPRESS

ID DATE TITLE
120275 31/03/2015 All In One SEO Pack Plugin for WordPress Meta Description Tag Remote Information Disclosure
120123 30/03/2015 90min Plugin for WordPress Unspecified Issue
120124 30/03/2015 WP Ultimate CSV Importer Plugin for WordPress templates/readfile.php Unspecified Issue
120125 30/03/2015 eFront Plugin for WordPress Login Handling Unspecified Issue
120065 30/03/2015 Aspose DOC Exporter Plugin for WordPress aspose_doc_exporter_download.php file Parameter Remote Path Traversal File Access
120277 30/03/2015 The Newsletter Plugin for WordPress newsletter/statistics/link.php Open Redirect Weakness
120136 29/03/2015 MaxButtons Plugin for WordPress Unspecified XSS (2)
120137 29/03/2015 MaxButtons Plugin for WordPress Unspecified XSS (1)
120139 29/03/2015 Aspose Importer & Exporter Plugin for WordPress /aspose_import_export_download file Parameter Remote Path Traversal File Access
120138 29/03/2015 Aspose PDF Exporter Plugin for WordPress /aspose_pdf_exporter_download.php file Parameter Remote Path Traversal File Access
119975 26/03/2015 Auto Affiliate Links Plugin for WordPress aal_settings.php Multiple Parameter XSS
120031 26/03/2015 Aspose Cloud eBook Generator Plugin for WordPress aspose_posts_exporter_download.php file Parameter Remote Path Traversal File Access
120280 26/03/2015 flashy Theme for WordPress Unspecified Reflected XSS
120318 26/03/2015 Ptengine Plugin for WordPress ptengine-for-wordpress.php code Parameter Reflected XSS
119890 24/03/2015 InBoundio Marketing Plugin for WordPress /admin/partials/csv_uploader.php File Upload Remote Code Execution
119979 24/03/2015 Gallery plugin for WordPress /gallery-plugin.php Direct Request Path Disclosure Weakness
120312 24/03/2015 Shortcodes Ultimate Plugin for WordPress inc/core/tools.php Example Previewing CSRF
120314 24/03/2015 Shortcodes Ultimate Plugin for WordPress inc/vendor/sunrise.php Custom CSS Page CSRF
119911 23/03/2015 MP3-jPlayer Plugin for WordPress /download.php mp3 Parameter Remote Path Traversal File Disclosure
119929 23/03/2015 PageBuilderSandwich Plugin for WordPress Multiple Script Direct Request Path Disclosure Weakness
119987 23/03/2015 WP-Donate Plugin for WordPress includes/donate-display.php Multiple Parameter SQL Injection
119926 22/03/2015 Ajax Search Pro Plugin for WordPress ajax-search-pro/backend/settings.php wpdreams-ajaxinput Action Function Invocation Remote Privilege Escalation
119845 22/03/2015 PlusCaptcha Plugin for WordPress library/admin.php CSRF
119846 20/03/2015 Category and Page Icons Plugin for WordPress include/wpdev-flash-uploader.php Direct Access Authentication Bypass
119847 20/03/2015 Category and Page Icons Plugin for WordPress menu-compouser.php Direct Access Authentication Bypass
119848 20/03/2015 Calls to Action Plugin for WordPress Unspecified Issue
119849 20/03/2015 Landing Pages Plugin for WordPress Unspecified Issue
119850 20/03/2015 Leads Plugin for WordPress leads/shared/classes/class.lead-storage.php first_name Parameter Stored XSS
119810 19/03/2015 Google Analytics by Yoast Plugin for Wordpress /admin-post.php Property Name Field Stored XSS
119474 18/03/2015 Live Forms Plugin for WordPress liveforms.php Multiple Parameter SQL Injection
119799 18/03/2015 Easy Coming Soon Plugin for WordPress easy-coming-soon/coming-soon-plugin.php coming_soon_page_settings Function Title Field Stored XSS
119865 18/03/2015 WP-Optimize Plugin for WordPress Unspecified Issue
119901 17/03/2015 WPML Plugin for WordPress Inadequate Nonce Checks Multiple Unauthenticated Ajax Actions
119888 17/03/2015 Gravity Forms Plugin for WordPress form_list.php sort_column Parameter Blind SQL Injection
119889 17/03/2015 Gravity Forms Plugin for WordPress forms_model.php sort_column Parameter Blind SQL Injection
119623 16/03/2015 DesignFolio+ Theme for WordPress upload-file.php File Upload Remote Code Execution
16/03/2015 Pods Plugin for Wordpress classes/PodsUI.php orderby Parameter SQL Injection
120322 16/03/2015 Knews Multilingual Newsletters Plugin for WordPress Unspecified SQL Injection
119637 15/03/2015 Swift Security Lite Plugin for WordPress classes/Settings.class.php Unspecified Issue
119554 13/03/2015 WooCommerce Plugin for WordPress Tax Settings Page tax_rate_country Parameter SQL Injection
119555 13/03/2015 WooCommerce Plugin for WordPress Tooltips Order Handling Stored XSS
119645 13/03/2015 AB Google Map Travel Plugin for WordPress ab-google-map-travel.php Multiple Parameter Stored XSS Weakness
119893 13/03/2015 AB Google Map Travel Plugin for WordPress ab-google-map-travel.php Multiple Action CSRF
119541 12/03/2015 WPML Plugin for WordPress /comments/feed action Parameter HTTP Referer Handling SQL Injection
119500 12/03/2015 WPML Plugin for WordPress menu sync Missing Access Control Remote Content Deletion
119499 12/03/2015 WPML Plugin for WordPress reminder popup Action target Parameter Reflected XSS
119649 12/03/2015 WP All Import Plugin for WordPress Unspecified Reflected XSS
119648 12/03/2015 WP All Import Plugin for WordPress Unspecified SQL Injection
119425 11/03/2015 WordPress SEO by Yoast Plugin for WordPress Multiple Parameter SQL Injection
119426 11/03/2015 WordPress SEO by Yoast Plugin for WordPress Unspecified CSRF
119475 11/03/2015 Spider Event Calendar Plugin for WordPress Multiple Actions CSRF
119414 10/03/2015 Daily Edition Theme for WordPress /fiche-disque.php id Parameter XSS
119415 10/03/2015 Daily Edition Theme for WordPress /thumb.php src Parameter Path Disclosure Weakness
119408 10/03/2015 Fraction Theme for WordPress /fraction-theme/functions/ajax.php ot_save_options() Function Remote Privilege Escalation
119334 09/03/2015 Google Analytics by Yoast Plugin for Wordpress admin/class-admin.php manual_ua_code_field Field Stored XSS Weakness
119515 09/03/2015 Custom Community Theme for WordPress /wp-admin/admin-ajax.php cc2_advanced_settings_save Action settings[custom_css] Form Field Stored XSS
119504 09/03/2015 MiwoFTP Plugin for WordPress miwoftp.php Unspecified Remote Information Disclosure
119505 09/03/2015 Related Posts Lite Plugin for WordPress backend/settings/types.inc.php wpdreams_callback Parameter Unspecified Issue
119472 09/03/2015 Ajax Search Lite Plugin for WordPress Unspecified Issue
119506 07/03/2015 IP Blacklist Cloud Plugin for WordPress importCSVIPCloud Action filename Parameter Remote Path Traversal File Access
119388 07/03/2015 Daily Edition Theme for WordPress /fiche-disque.php id Parameter SQL Injection
119516 07/03/2015 FormGet Contact Form Plugin for WordPress index.php request_response Action value Parameter Stored XSS
119509 06/03/2015 MainWP-Child Plugin for WordPress class/MainWPChild.class.php parse_init() Function Administrator Authentication Bypass
119513 06/03/2015 BBPress Plugin for WordPress Multiple Unspecified Issues
120323 06/03/2015 Another WordPress Classifieds Plugin for WordPress upload_awpcp.php Remote File Upload
119170 05/03/2015 The Newsletter Plugin for WordPress do.php nr Parameter Open Redirect Weakness
119171 05/03/2015 Max Banner Ads Plugin for WordPress info.php zone_id Parameter XSS
119181 05/03/2015 IgnitionDeck Plugin for WordPress idf-functions.php Theme / Extension Activation Missing Capability Check Remote Bypass
119182 05/03/2015 Spider Event Calendar Plugin for WordPress Theme_functions.php Multiple Parameter SQL Injection
119183 05/03/2015 SP Project & Document Manager Plugin for WordPress classes/ajax.php pid Parameter SQL Injection
119184 05/03/2015 Spider Event Calendar Plugin for WordPress calendar.php Multiple Parameter SQL Injection
119185 05/03/2015 Spider Event Calendar Plugin for WordPress calendar_functions.html.php Multiple Parameter XSS
119186 05/03/2015 Spider Event Calendar Plugin for WordPress calendar_functions.php Multiple Parameter SQL Injection
119187 05/03/2015 Spider Event Calendar Plugin for WordPress widget_Theme_functions.php Multiple Parameter SQL Injection
119188 05/03/2015 IgnitionDeck Plugin for WordPress idf-wp.php Unauthorized Media Editing Remote Bypass
119067 04/03/2015 Contact Form To DB Plugin for WordPress /wp-admin/admin.php CF7DBPluginSubmissions Page Stored Form Submission Deletion CSRF
119284 04/03/2015 Ya'arburnee / Dignitas Themes for WordPress df_save_options() Function Missing Restriction Remote Privilege Escalation
119261 04/03/2015 WP Plugin Info Card Plugin for WordPress wp-plugin-info-card-widget.php Multiple Parameter XSS
119262 04/03/2015 WP Plugin Info Card Plugin for WordPress wp-plugin-info-card-shortcode.php Multiple Parameter XSS
119266 03/03/2015 Booking Calendar Contact Form Plugin for WordPress dex_bccf_admin_int_bookings_list.inc.php search Parameter SQL Injection
119267 03/03/2015 WWM Registration Form Plugin for WordPress Unspecified Issue
119268 03/03/2015 CP Polls Plugin for WordPress cp-admin-int-list.inc.php Multiple Parameter SQL Injection
119265 03/03/2015 Booking Calendar Contact Form Plugin for WordPress dex_bccf_admin_int_calendar_list.inc.php Multiple Parameter SQL Injection
119606 03/03/2015 Calculated Fields Form Plugin for WordPress /wp-admin/options-general.php cp_calculated_fields_form Page Multiple Parameter SQL Injection
119270 02/03/2015 Wpshop Plugin for WordPress includes/ajax.php elementCode Parameter File Upload Remote Code Execution
118990 02/03/2015 WordPress Backup to Dropbox Plugin for WordPress /wp-admin/admin.php backup-to-dropbox-premium Page title Parameter Reflected XSS
119269 02/03/2015 Photocrati Theme for WordPress ecomm-sizes.php prod_id Parameter SQL Injection
119275 02/03/2015 Contact Form 7 Get and Show Parameter from URL Plugin for WordPress getparam.php name Parameter Reflected XSS