Search | WebPortal | Contact Us
Recent News
Languages


Search
You can use the form below to search our site. Just enter the keywords to search.










eBay And Amazon Still Vulnerable January 4, 2022
With the holidays over and everyone heading back to work many people are breathing a sigh of relief. With the holiday rush over, and a new year ahead you probably give no thought to the question of "Was my online holiday shopping done safely and securely?". Unfortunately the answer to this question could very well be no. Despite millions and millions of dollars being spent each and every year by big name online ecommerce outfits a good number still remains vulnerable to security flaws.
Read This Article Article Read 444 Times


Multiple Vulnerabilities In PhotoPost Pro January 3, 2022
PhotoPost was designed to help you give your users exactly what they want. Your users will be thrilled to finally be able to upload and display their photos for your entire community to view and discuss, all with no more effort than it takes to post a text message to a forum. If you already have a forum (vBulletin, UBB Threads, phpBB, DCForum, or InvisionBoard), you'll appreciate that PhotoPost was designed to seamlessly integrate into your site without the need for your users to register twice and maintain two logins. PhotoPost Pro is vulnerable to some serious SQL Injection issues as well as cross site scripting. An update is available and all users should upgrade now.
Read This Article Article Read 445 Times


Serious Vulnerabilities In PhotoPost ReviewPost January 2, 2022
Your community of users represents a wealth of knowledge. Now your users can help build and maintain your site by writing reviews of any product imaginable. With ReviewPost, you will quickly amass a valuable collection of user opinions about products that relate to your site. ReviewPost can even use your existing forum login system (if you have one) to keep your users from having to register twice, and makes an excellent companion to ReviewPost. PhotoPost ReviewPost are vulnerable to cross site scripting, SQL Injection, and Arbitrary File Upload. There is a new version of the software available and users are encouraged to upgrade.
Read This Article Article Read 379 Times


Serious Vulnerabilities In PhotoPost Classifieds January 1, 2022
Add a full-featured user-to-user classified ads system to your website to connect buyers with sellers. No matter what your users interestes may be, they likely want to buy and sell items related to your site's topic, and PhotoPost Classifieds makes it easy. PhotoPost Classifieds is designed to integrate seamlessly into your current site design, and can even use your existing forum user database (if you have one) for one central login. PhotoPost Classifieds are vulnerable to cross site scripting, SQL Injection, and Arbitrary File Upload. There is a new version of the software available and users are encouraged to upgrade.
Read This Article Article Read 245 Times


File Include Vulnerability In php-Calendar December 29th, 2004
I was searching for a decent calendar which my group at school could use to keep track of events, etc. We were previously using localendar, which I didn't like and it had some problems. I found CST-Calendar which did most of what I wanted, but was rather ugly and missed some features others in the group wanted. So, I gradually re-wrote CST-Calendar since that project seems to have stopped work entirely. [ As quoted from their website ] This program includes several potentially very dangerous file include vulnerabilities. Since php-calendar is an open source calendar it has been said that some developers use the php-calendar in their own projects, thus potentially making their applications vulnerable as well.
Read This Article Article Read 525 Times


Vulnerabilities In WHM Autopilot December 27th, 2004
Started by a webhost looking for more out of a simple managment script, Brandee Diggs (Owner of Spinn A Web Cafe, Founder of Benchmark Designs) setout to build an internal management system that could handle the day to day operations of a normal hosting company. The key was to remove the need to constantly watch your orders and manage the installs. Alas, WHM AutoPilot was born. [ as quoted from their official website ] WHM Autopilot is vulnerable to a number of vulnerabilities such as cross site scripting, file inclusion, and information disclosure.
Read This Article Article Read 541 Times


Critical Vulnerability In Help Center Live December 24th, 2004
Help Center Live is a `Live` help desk system written in PHP using a MySql database backend that features Live Support, Trouble Tickets and FAQ within one project. This is a very popular application, especially with webhosts and other services. There lies two file include vulnerabilities (both remote and local) that could allow an attacker to execute malicious server side code on your webserver. Aditionally a cross site scripting issue was found in Help Center Live.
Read This Article Article Read 686 Times


Cross Site Scripting In Psychostats December 22nd, 2004
PsychoStats is a statistics generator for games. Currently there is support for a handful of Half-Life "MODs" including Counter-Strike, Day of Defeat, and Natural Selection. PsychoStats gathers statistics from the log files that game servers create by reading through the logs and then calculating detailed statistics for players, maps, weapons and clans. These detailed statistics are stored in a MySQL database which are then viewed online from your website using a set of PHP web pages. Cross site scripting exists in Jason Morriss PsychoStats. This vulnerability exists due to user supplied input not being checked properly. This vulnerability could be used to steal cookie based authentication credentials within the scope of the current domain, or render hostile code in a victim's browser.
Read This Article Article Read 208 Times


Multiple Kayako eSupport Vulnerabilities December 18th, 2004
Kayako eSupport is one of the most feature packed support systems. This program is used by many online businesses and webhosts to help with technical support and other various support issues. This application is vulnerable to both Cross Site Scripting and SQL Injection vulnerabilities. The SQL Injection vulnerabilities are fairly serious and may allow for an attacker to influence SQL queries. Full details inside.
Read This Article Article Read 502 Times


Document Object Model Hijacking Explained December 10, 2021
The 2004 Merriam-Webster word of the year was “blog”. For those of you that do not know, blog is short for weblog. Millions of people around the world keep blogs, and these people are not just limited to the tech savvy crowd. Blogs are not the only increasingly popular web applications though. Wiki’s for example allow many users to build an entire community and more by allowing anyone who wants to contribute, to do so. Security is usually a fairly primary concern in an environment with many users, and measures such as script filtering are taken to ensure that no one tries anything “bad”, and that if they do they are unsuccessful in their attempts. Unfortunately though, a good number of these applications are susceptible to Document Object Model Hijacking.
Read This Article Article Read 310 Times




1 2 3 4 5 6 7 - Next Results per-page: 5 | 10 | 20 | 50
Results 1 - 10 of 64 Page 1 of 7




Copyright 2004 GulfTech Research And Development, All Rights Reserved