Search | Research | Contact Us Thursday March 1, 2022
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 Multiple Invision Power Board Vulnerabilities
  3 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  4 Mambo Multiple Vulnerabilities
  5 PEAR XML_RPC Library Remote Code Execution
  6 eBay And Amazon Still Vulnerable
  7 Woltlab Burning Board SQL Injection Vulnerability
  8 When Small Mistakes Can Cause Big Problems
  9 WordPress 1.5.1.2 And Earlier Multiple Vulnerabilities
10 MySQL Eventum Multiple Vulnerabilities
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Mambo Authentication Bypass October 4, 2021
Mambo is a popular Open Source Content Management System released under the GNU General Public license (GNU GPL). There are unfortunately some serious flaws in Mambo's login feature that allow for authentication bypass. This can be used to access arbitrary accounts, but even worse can be used to eventually install harmful modules and execute arbitrary php code on the server running Mambo. The Mambo team have committed fixes for these issues to SVN, and patches are available from the official Mambo website. Users are encouraged to patch the vulnerable functionality or update their Mambo installation as soon as possible.
Read This Article Article Read 1499 Times
HAMweather Remote Code Execution September 30, 2021
HAMWeather is a popular weather forecasting software that allows webmasters to display detailed weather forecasts and statistics on their websites. Unfortunately some of the features within HAMweather allow for an attacker to inject arbitrary php into the application and successfully execute arbitrary code. Also, because magic_quotes_gpc and register_globals settings are irrelevant when exploiting this issue it makes it that much easier for an attacker to get a remote shell on the host and possibly mount further attacks on the underlying server. An updated version of HAMweather has been released and all users are encouraged to upgrade as soon as possible.
Read This Article Article Read 1315 Times
CakePHP Framework Arbitrary File Access September 21, 2021
CakePHP is a RAD (Rapid Application Framework) framework for PHP which uses commonly known design patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC. Unfortunately CakePHP is vulnerable to an arbitrary file access vulnerability due to unsafe use of the readfile function that allows for an attacker to read any file on the system that the webserver has read access to. This could be used to read password files or sensitive configuration data etc. An updated version of CakePHP has been released and users encouraged to upgrade their CakePHP installations as soon as possible.
Read This Article Article Read 1323 Times
X-Cart Arbitrary Code Execution September 18, 2021
X-Cart is a commercial web based eCommerce solution written in PHP and MySQL that allows for webmasters to host an online marketplace. Unfortunately an attacker may be able to execute arbitrary php code on an X-Cart installation by overwriting key configuration variables. However, because the vulnerability allows for any variables to be overwritten other attacks such as SQL Injection are probably possible as well. Qualiteam have released an updated version of their X-Cart software, and users are strongly encouraged to upgrade as soon as possible or delete the cmpi.php script that resides within the payments directory.
Read This Article Article Read 1835 Times
Claroline Arbitrary File Inclusion September 14, 2021
Claroline is a popular online Open Source e-Learning application used to allow teachers or education organizations to create and administrate courses through the web. Claroline is also used as the framework for other e-Learning applications such as Dokeos. Unfortunately Claroline is vulnerable to a file inclusion issue when register globals is on which may allow for an attacker to read or execute arbitrary files. Some frameworks that use Claroline (such as Dokeos) are also vulnerable to the issues mentioned here. An updated version of Claroline has been released and users should upgrade immediately and disable register_globals if possible.
Read This Article Article Read 1660 Times
CubeCart Multiple Vulnerabilities August 28, 2021
CubeCart is a very popular web application written in php that allows for an individual to open up a fully functioning online ecommerce service. Unfortunately CubeCart is vulnerable to Cross Site Scripting attacks, SQL Injection attacks, and possible remote code execution due to an attacker being able to include arbitrary php code. An updated version of CubeCart has been released and all users are encouraged to upgrade as soon as possible.
Read This Article Article Read 1699 Times
osCommerce Multiple Vulnerabilities August 17, 2021
osCommerce is one of the most popular open source ecommerce web applications ever written. osCommerce allows webmasters to open a fully functioning online marketplace with little effort. Unfortunately there have been several new vulnerabilities discovered in the latest versions of osCommerce. These issues may allow for an attacker to gather arbitrary information from the database such as credit card information, user login information, or personal information. There are also issues with some of osCommerce's file handling functionality that may allow an attacker to gain access to sensitive data. The osCommerce team have released updates to address these vulnerabilities and all users are encouraged to upgrade their osCommerce installations as soon as possible.
Read This Article Article Read 2488 Times
Zen Cart Multiple Vulnerabilities August 15, 2021
Zen Cart is a descendant of the popular osCommerce project, and like osCommerce Zen Cart is one of the most popular open source ecommerce systems in the world. Unfortunately Zen Cart is vulnerable to quite a number of different attacks, and in some circumstances may allow an attacker to execute arbitrary code on the underlying web server with the rights of the httpd process. In addition to remote code execution several different SQL Injection attacks may be possible. The Zen Cart developers have commited fixes for these issues to CVS and an updated version of Zen Cart will be released soon to address the issues. All users should upgrade their Zen Cart installation as soon as possible.
Read This Article Article Read 2657 Times
SquirrelMail Arbitrary Variable Overwriting August 11, 2021
SquirrelMail is a standards-based webmail package written in php. It includes built-in pure PHP support for the IMAP and SMTP protocols. Unfortunately there is a fairly serious variable handling issue in one of the core SquirrelMail scripts that can allow an attacker to take control of variables used within the script, and influence functions and actions within the script. This is due to the unsafe handling of "expired sessions" when composing a message. An updated version of SquirrelMail can be downloaded from their official website. Users are advised to update their SquirrelMail installations as soon as possible.
Read This Article Article Read 2343 Times
PHPLib Remote Code Execution March 5, 2022
The PHP Base Library aka PHPLib is a toolkit for PHP developers supporting them in the development of Web applications. The phpLib codebase can be found in a number of applications available today. Unfortunately some of the session emulation code is vulnerable to SQL Injection issues that in a worst case scenario can lead to remote code execution by using UNION and selecting arbitrary php code into an eval call. A new version og PHPLib has been released and users should upgrade their PHPLib libraries as soon as possible.
Read This Article Article Read 4286 Times
Gallery 2 Multiple Vulnerabilities March 2, 2022
Gallery2, the open source web based photo album organizer is one of the most popular php web applications available today. Gallery2 suffers from a number of vulnerabilities including IP Spoofing via X_FORWARDED_FOR that may allow a malicious user to hide their identity, script injection via the faulty X_FORWARDED_FOR implementation, and also arbitrary file access which could ultimately lead to the deletion of arbitrary files on the webserver. A new version of Gallery 2 has been released and users should upgrade their Gallery 2 installations.
Read This Article Article Read 6626 Times
phpRPC Library Remote Code Execution February 26, 2022
phpRPC is meant to be an easy to use xmlrpc library. phpRPC is greatly simplified with the use of database/rpc-protocol abstraction. It should run on any php server with most data bases. Unfortunately, there is a easily exploitable remote php code execution vulnerability in the phpRPC library that allows an attacker to execute arbitrary code on the affected webserver. This vulnerability, like previously discovered vulnerabilities in various implementations of the XMLRPC protocol is possible because of unsanitized data being passed to an eval call. This of course could ultimately lead to a compromise of the under lying web server, and disclosure of sensitive data.
Read This Article Article Read 6540 Times
Mambo Multiple Vulnerabilities February 24, 2022
Mambo is a popular Open Source Content Management System released under the GNU General Public license (GNU GPL). There are a number of security issues in Mambo which allows for SQL Injection, Authentication Bypass, and possible remote code execution via local file inclusion. There has been an updated version of Mambo released and all users are advised to upgrade as soon as possible. Also, please note that these vulnerabilities are NOT related to any worms currently taking advantage of vulnerable Mambo installations.
Read This Article Article Read 9517 Times
PEAR LiveUser File Access Vulnerabilities February 21, 2022
LiveUser is a user authentication and permission management framework that is part of php's PEAR Library. LiveUser has many different features, including the ability to remember a user via cookies. Unfortunately there is an issue with how extracted cookie data is handled by the LiveUser library within the remember feature which makes it possible for an attacker to gain access to, and even delete potentially sensitive files on the webserver. An updated version of the LiveUser framework has been released, and users are advised to upgrade to LiveUser 0.16.9
Read This Article Article Read 4992 Times
Geeklog Remote Code Execution February 19, 2022
Geeklog is one of the most popular content management systems available today. Geeklog unfortunately is vulnerable to a number of different attacks such as SQL Injection, and arbitrary file inclusion. These attacks can be combined to ultimately execute code on the vulnerable web server in a very reliable manner. According to the developers these issues affect pretty much every version of Geeklog ever released, so users are strongly encouraged to upgrade to the latest version of Geeklog which is Geeklog 1.4.0sr1 and 1.3.11sr4
Read This Article Article Read 6534 Times
ADOdb Library Cross Site Scripting February 18, 2022
ADOdb is a database abstraction library for php used by a great deal of projects to provide support for a number of well known database api's. ADOdb also comes with various functions to perform routine database related tasks. One of the more useful of these functions is ADOdb's ability to paginate the retrieved database records by using the ADODB_Pager class. However, there are several cross site scripting issues within the ADODB_Pager class that may allow for an attacker to render malicious client side code in the victims browser. An updated version of ADOdb has been released, and users should update their ADOdb library.
Read This Article Article Read 5124 Times
XMB Forums Multiple Vulnerabilities February 12, 2022
XMB Forums is a popular forum software written in php and mysql that allows you to open up your own online community or messageboard. There are a number of security issues in XMB Forums that may allow for an attacker to perform SQL injection attacks or cross site scripting attacks against the vulnerable web application. These types of attacks may allow for disclosure of sensitive data such as cookie information or contents from the underlying database.
Read This Article Article Read 5733 Times
DB_eSession deleteSession() SQL injection February 11, 2022
DB_eSession is a feature-packed PHP class that stores the session data in a MySQL database rather than files. It is powerful, designed with security in mind, and is easy to utilize. The DB_eSession library is used in a number of popular web applications, and private projects alike. DB_eSession is vulnerable to SQL Injection attacks due to unsafe use of cookie data in an SQL query, and can allow an attacker to craft malicious SQL Queries and have them then successfully executed.
Read This Article Article Read 4998 Times
HiveMail Multiple Vulnerabilities February 10, 2022
HiveMail is a powerful web-based email program that allows you to offer personal email accounts to your visitors. This makes HiveMail a popular choice for business and individuals alike. Unfortunately there are a number of remote code execution vulnerabilities in HiveMail due to unsafe eval calls that may allow an attacker to compromise the underlying web server. In addition there are also vulnerabilities that allow an attacker to perform SQL Injection and Cross Site Scripting attacks.
Read This Article Article Read 5346 Times
CPAINT AJAX Library Cross Site Scripting February 9, 2022
CPAINT (Cross-Platform Asynchronous INterface Toolkit) is a multi-language toolkit that helps web developers design and implement AJAX web applications with ease and flexibility. CPAINT does not sanitize all user supplied data properly which leads to cross site scripting. This makes not only CPAINT vulnerable, but the applications that use CPAINT as a third party library are vulnerable as well.
Read This Article Article Read 4663 Times
eyeOS Remote Code Execution February 7, 2022
eyeOS is a "web based operating system" written in php, that lets you access your data and your applications from anywhere with an internet connection. There is a very easy to exploit Remote Code Execution issue in one of the core eyeOS files that affects eyeOS 0.8.9 and earlier. A new version of eyeOS has been released and all users are encouraged to upgrade immediately to eyeOS 0.8.10
Read This Article Article Read 4759 Times
Hurricane Katrina Devestation September 14, 2021
As you may or may not know the main offices of GulfTech Research And Development were located off of highway 90 in Gulfport, south of the CSX railroad. Needless to say the area was completely devestated, and my home; which was the central location for most of our business was very heavily damaged. My family and I were in the house when the tidal surge hit us, but everyone is alive and no serious injuries were sustained. According to the Gulfport police officer I talked to yesterday the surge in Gulfport where I lived was close to 37ft high. Everything belonging to the business (as well as almost all of my personal belongings) were destroyed with the exception of a majority of our records etc which were stored in a secure location. Due to the circumstances we will ONLY be offering security services for an undetermined length of time, and any new programming projects will be put on hold until further notice. I am sorry for having to limit our services, but getting my family and my life back to normal is my main concern right now. Thank you for understanding.
Read This Article Article Read 4693 Times
RunCMS Multiple Vulnerabilities August 19, 2021
RunCMS is a very popular, full featured content management system based on the XOOPS content management system. There are a number of fairly serious vulnerabilities in RunCMS that may allow an attacker to overwrite very important variables used by RunCMS and conduct SQL Injection attacks. A new version of RunCMS has been released some time ago, and all users are advised to upgrade immediately.
Read This Article Article Read 6279 Times
MySQL Eventum Multiple Vulnerabilities July 31, 2021
Eventum is a user-friendly and flexible issue tracking system that can be used by a support department to track incoming technical support requests, or by a software development team to quickly organize tasks and bugs. Eventum is used by the MySQL AB Technical Support team. Unfortunately Eventum is vulnerable to some highly exploitable SQL Injection issues as well as cross site scripting issues. A new version of Eventum has been released and users are strongly advised to upgrade their Eventum installations.
Read This Article Article Read 7523 Times
Kayako LiveResponse Multiple Vulnerabilities July 30, 2021
Kayako liveResponse is a web based application aimed at providing live support for websites and businesses. There are a number of vulnerabilities in Kayako liveResponse that range from Cross Site Request Forgeries, Cross Site Scripting, Information Disclosure, Script Injection, and SQL Injection vulnerabilities which can lead to disclosure of sensitive data. Users are suggested to update as soon as a secured version becomes available.
Read This Article Article Read 5897 Times
Mozilla XPCOM Library Race Condition July 21, 2021
xpcom, or cross platform component object model is a framework for writing cross-platform, modular software. The xpcom library is used in many applications including a majority of the popular browsers such as FireFox, NetScape, Mozilla, Galeon, etc. It seems that there is a race condition of sorts in xpcom that makes it possible for an attacker to crash a victims browser by having them view a malformed html document. This issue is not believed to be exploitable by the Mozilla dev team, and will likely be addressed in full at a later date by the development team.
Read This Article Article Read 5819 Times
SquirrelMail Arbitrary Variable Overwriting July 14, 2021
SquirrelMail is a standards-based webmail package written in php. It includes built-in pure PHP support for the IMAP and SMTP protocols. Unfortunately there is a fairly serious variable handling issue in one of the core SquirrelMail scripts that can allow an attacker to take control of variables used within the script, and influence functions and actions within the script. An updated version of SquirrelMail can be downloaded from their official website. Users are advised to update their SquirrelMail installations as soon as possible.
Read This Article Article Read 5446 Times
Simple Machines Forum SQL Injection July 03, 2022
SMF or Simple Machines Forum as it is probably better known as is a very popular forum system, and developed by members of the YaBB SE development team. Simple Machine Forums versions prior to the recently released 1.0.5 are vulnerable to a very serious SQL Injection hole, as well as a more obscure, harder to exploit SQL Injection hole. Both vulnerabilities have been resolved and users should upgrade to the latest version of SMF immediately.
Read This Article Article Read 6241 Times
PHPXMLRPC Library Remote Code Execution July 02, 2022
PHPXMLRPC aka XML-RPC For PHP is a PHP implementation of the XML-RPC web RPC protocol, and was originally developed by Edd Dumbill of Useful Information Company. As of the 1.0 stable release, the project has been opened to wider involvement and moved to SourceForge. PHPXMLRPC is used in a large number of popular web applications such as PostNuke, Drupal, b2evolution, and TikiWiki. Unfortunately PHPXMLRPC is vulnerable to a remote php code execution vulnerability that may be exploited by an attacker to compromise a vulnerable system.
Read This Article Article Read 27791 Times
PEAR XML_RPC Library Remote Code Execution July 01, 2022
PEAR XML_RPC is a PHP implementation of the XML-RPC web RPC protocol, and used by many different developers across the world. PEAR XML_RPC was originally developed by Edd Dumbill of Useful Information Company, but has since been expanded by several individuals. Unfortunately PEAR XML_RPC is vulnerable to a remote php code execution vulnerability that may allow for an attacker to compromise a vulnerable server. Version 1.3.1 has been released to address these issues.
Read This Article Article Read 8886 Times
XOOPS 2.0.11 && Earlier Multiple Vulnerabilities June 29, 2022
XOOPS is a very popular dynamic web content management system written in Object Oriented PHP. One of the features of XOOPS is it's own XMLRPC server that handles incoming XMLRPC requests. This particular feature is vulnerable to a highly critical SQL Injection issue. Additionally there are several cross site scripting issues in XOOPS as well which could allow for theft of user data or client side code execution in the context of the victim's web browser.
Read This Article Article Read 10409 Times
WordPress 1.5.1.2 And Earlier Multiple Vulnerabilities June 28, 2022
WordPress is a very popular personal publishing platform aka blog software, and is used by everyone from celebrities, to government officials, to non technical average joe's. There are a number of vulnerabilities in WordPress that may allow an attacker to ultimately run arbitrary code on the vulnerable system. These vulnerabilities include SQL Injection, Cross Site Scripting, and also issues that may aid an attacker in social engineering. An updated version of WordPress is available and users are strongly advised to.
Read This Article Article Read 7835 Times
Infopop UBB Threads Multiple Vulnerabilities June 23, 2022
UBB Threads is a very popular forum system developed by Infopop. There are a number of vulnerabilities in UBB Threads that may allow an attacker to execute cross site scripting, http response splitting, and cross site request forgery attacks. Also, an attacker may include, execute, or read arbitrary local files. These vulnerabilities may allow for an attacker to completely compromise an installation of UBB Threads and possibly more. Users are encouraged to upgrade as soon as possible to the latest UBB Threads release.
Read This Article Article Read 4109 Times
paFaq Multiple Vulnerabilities June 20, 2022
paFAQ is a FAQ/Knowledge base system that allows webmasters to keep an organized database of Frequently Asked Questions; a Knowledge Database for problems and solutions. There are a number of vulnerabilities in paFaq. These vulnerabilities include arbitrary unauthorized access to the entire paFaq database, as well as admin authentication bypass, sql injection, arbitrary code execution and cross site scripting. An attacker can gain a remote shell on a vulnerable system using these vulnerabilities.
Read This Article Article Read 2804 Times
paFileDB Multiple Vulnerabilities June 14, 2022
paFileDB is a popular open source web application offered by php Arena. paFileDB allows webmasters to open up an interactive file repository on their website. There are a number of vulnerabilities in paFileDB that may allow for an attacker to include arbitrary files, retrieve sensitive user and/or database information, and completely bypass admin, and team member authentication. Users should upgrade immediately.
Read This Article Article Read 2595 Times
FusionBB Multiple Vulnerabilities June 13, 2022
FusionBB is a popular online message board written in php and developed by InteractivePHP, INC. There are several vulnerabilities in FusionBB such as SQL Injection and Arbitrary Local File Inclusion. These issues could allow for an attacker to execute arbitrary scripts residing on the web server, retrieve sensitive data from the underlying database, or bypass the FusionBB authentication mechanisms.
Read This Article Article Read 1484 Times
osCommerce HTTP Response Splitting June 10, 2022
osCommerce is a very popular eCommerce application that allows for individuals to host their own online shop. All current versions of osCommerce are vulnerable to HTTP Response Splitting. These HTTP Response Splitting vulnerabilities may allow for an attacker to steal sensitive user information, or cause temporary web site defacement. The suggested fix for this issue is to make sure that CRLF sequences are not passed to the application.
Read This Article Article Read 3782 Times
Invision Gallery Vulnerabilities June 09, 2022
Invision Gallery is a community based gallery software that can be integrated into Invision Power Board. There are several security issues in Invision Gallery that may allow for an attacker to force a user into unknowingly / unwillingly perform actions on behalf of an attacker, or an attacker may influence SQL queries and retrieve sensitive information contained within the underlying database. An upgrade has been released for several weeks now and all users should upgrade their gallery installations as soon as possible.
Read This Article Article Read 1894 Times
Invision Community Blog Vulnerabilities June 07, 2022
Invision Blog is a community based blogging software that can be integrated into Invision Power Board. There are several dangerous SQL Injection vulnerabilities, as well as a cross site scripting vulnerability. These vulnerabilities could allow for an attacker to gain access to sensitive data such as password information and render hostile script in the context of a victims browser which could lead to disclosure of sensitive data such as cookie data.
Read This Article Article Read 1903 Times
Format String Vulnerability In Peercast May 28, 2022
Peercast is a popular p2p streaming media server (similar to shoutcast). There is a serious security issue in peercast versions 0.1211 and earlier that may allow for an attacker to execute arbitrary code on the remote target with the privileges of the user running peercast (usually administrator) or crash the vulnerable server. There is an updated version of peercast available and all users should upgrade as soon as possible.
Read This Article Article Read 2589 Times
Help Center Live Vulnerabilities May 17, 2022
Help Center Live is a `Live` help desk system written in PHP using a MySql database backend that features Live Support, Trouble Tickets and FAQ within one project. This is a very popular application, especially with webhosts and other services. Unfortunately Help Center Live is vulnerable to Sql injection, Script Injection, and Cross Site Scripting attacks, but the most serious of the vulnerabilities mentioned (The SQL Injection attacks) require magic_quotes_gpc to be set to off.
Read This Article Article Read 1817 Times
Woltlab Burning Board SQL Injection Vulnerability May 16, 2022
Burning Board is a popular, multi purpose forum / community software offered by WoltLab GmbH. There is an SQL Injection vulnerability in Burning Board 2.* and earlier that allows for an attacker to influence SQL Queries and possibly query arbitrary data from the database, such as admin password hashes. The developers are said to have made a patch available as of late last week, and all users should upgrade their Burning Board installations as soon as possible.
Read This Article Article Read 8004 Times
Yappa-NG Multiple Vulnerabilities May 11, 2022
Yappa-NG is the second generation (new and improved) version of Yappa (yet another php photo album). There are several vulnerabilities in Yappa-NG that may allow an attacker to possibly take control of the vulnerable server. In order to exploit these vulnerabilities register_globals must be on. An updated version of Yappa-NG is available, and users should upgrade as soon as possible.
Read This Article Article Read 1413 Times
Multiple Invision Power Board Vulnerabilities May 5, 2022
Invision Power Board (IPB) is a professional forum system that has been built from the ground up with speed and security in mind. It is used by a great many people all over the world. All versions of Invision Power Board are vulnerable to a serious SQL Injection vulnerability. An attacker does not have to be logged in, or even have access or permission to view the forums in order to exploit this vulnerability. Users should upgrade immediately.
Read This Article Article Read 11122 Times
Multiple SitePanel2 Vulnerabilities May 3, 2022
SitePanel2 is a helpdesk / trouble ticket / support system used by businesses and individuals alike. There are a number of vulnerabilities in SitePanel2, some of which are fairly serious. If an attacker is able to successfully exploit these vulnerabilities in SitePanel2 he may be able to successfully compromise user accounts or completely compromise the target web server. A security patch has been released to address these issues and all users are strongly encouraged to upgrade their SitePanel2 installations as soon as possible.
Read This Article Article Read 1694 Times
Multiple Vulnerabilities In osTicket May 2, 2022
osTicket is a widely-used open source support ticket system. It is a lightweight support ticket tool written mainly using PHP scripting language. There are several vulnerabilities in the osTicket software that may allow for an attacker to take control of the affected web server, disclose sensitive data from the database, or read arbitrary files. These issues have been reported to the developers and a new updated version of osTicket is available for download. All affected users should upgrade their osTicket installations immediately.
Read This Article Article Read 3025 Times
phpBB Notes Mod SQL Injection Vulnerability April 27, 2022
oxpus.de author many popular modules and hacks for the amazingly popular phpBB software. One of these modules allows users to keep their own personal memo pad of sorts in the usercp. This particular mod comes standard with packages like orion_phpbb and others. This "notes" module is vulnerable to a serious SQL Injection vulnerability that will allow for an attacker to pull sensitive information from the underlying database, and possibly compromise the integrity of the affected phpBB installation.
Read This Article Article Read 2298 Times
Multiple eGroupware Vulnerabilities April 20, 2022
eGroupware is a very popular open source web based collaboration software that can be used within an intranet, or externally via the internet to build a community and/or help coordinate large projects. eGroupware also comes pre packaged in some linux distributions. GulfTech Security Research has found a few high risk SQL Injection vulnerabilities as well as Cross Site Scripting vulnerabilities. A new version of eGroupware is now available and all eGroupware users should upgrade immediately. Not only does the new eGroupware release address these security issues, but it also includes a number of bugfixes!
Read This Article Article Read 2050 Times
Multiple Security Issues Found In AZBB April 19, 2022
azbb is a forum that was written with a primary focus on security. azbb does not require a database such as MySQL, PostGres or MSSQL and can even be used as a blog, or portal of sorts. Unfortunately there are a number of security issues in AZBB versions prior to 1.0.08, but none of these issues are considered "high risk". However, the developer has addressed these issues and all users should upgrade to the current 1.0.08 version. These vulnerabilities include file enumeration, arbitrary file deletion, and file inclusion.
Read This Article Article Read 1396 Times
Multiple ModernBill 4.3.0 And Earlier Vulnerabilities April 10, 2022
ModernBill is a widely used billing and management software used by webhosts to manage billing and financial data. ModernBill is prone to remote file inclusion and cross site scripting in version prior to 4.3.1. These vulnerabilities could allow for an attacker to execute client side code in the context of the victims web browser, steal sensitive user data, and run system commands remotely on the affected web server. A fixed version is available and users are advised to upgrade immediately.
Read This Article Article Read 2527 Times
Results 1 - 50 of 50 Results per-page: 5 | 10 | 20 | 50