Search | Research | Contact Us Tuesday October 10, 2021
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  3 Multiple Invision Power Board Vulnerabilities
  4 Mambo Multiple Vulnerabilities
  5 eBay And Amazon Still Vulnerable
  6 PEAR XML_RPC Library Remote Code Execution
  7 When Small Mistakes Can Cause Big Problems
  8 Woltlab Burning Board SQL Injection Vulnerability
  9 WordPress 1.5.1.2 And Earlier Multiple Vulnerabilities
10 MySQL Eventum Multiple Vulnerabilities
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Double Choco Latte Vulnerabilities April 8, 2022
Double Choco Latte is a GNU Enterprise package that provides basic project management capabilities, time tracking on tasks, call tracking, email notifications, online documents, statistical reports, a report engine, and more features are either working or being developed/planned. It can be displayed inside of a phpGroupWare installation or be used stand-alone. It is licensed under the GPL (GNU Public License), which means it is free to study, distribute, modify, and use. Double Choco Latte 0.9.4 .3 and earlier are prone to php code execution vulnerabilities which allows an attacker to run php code with privileges of the webserver.
Read This Article Article Read 1091 Times
phpCoin Multiple Vulnerabilities March 29, 2022
phpCoin is a free software package originally designed for web-hosting resellers to handle clients, orders, invoices, notes and helpdesk. phpCoin versions 1.2.1b and earlier are prone to multiple vulnerabilities such as SQL Injection and File Inclusion vulnerabilities. A new version has been released, and users should upgrade as soon as possible. Updated packages can be found at the official phpCoin website, located at http://www.phpcoin.com Thanks to the developers for a quick resolution to these issues!
Read This Article Article Read 1444 Times
eBay And Amazon Still Vulnerable January 4, 2022
With the holidays over and everyone heading back to work many people are breathing a sigh of relief. With the holiday rush over, and a new year ahead you probably give no thought to the question of "Was my online holiday shopping done safely and securely?". Unfortunately the answer to this question could very well be no. Despite millions and millions of dollars being spent each and every year by big name online ecommerce outfits a good number still remains vulnerable to security flaws.
Read This Article Article Read 7894 Times
Multiple Vulnerabilities In PhotoPost Pro January 3, 2022
PhotoPost was designed to help you give your users exactly what they want. Your users will be thrilled to finally be able to upload and display their photos for your entire community to view and discuss, all with no more effort than it takes to post a text message to a forum. If you already have a forum (vBulletin, UBB Threads, phpBB, DCForum, or InvisionBoard), you'll appreciate that PhotoPost was designed to seamlessly integrate into your site without the need for your users to register twice and maintain two logins. PhotoPost Pro is vulnerable to some serious SQL Injection issues as well as cross site scripting. An update is available and all users should upgrade now.
Read This Article Article Read 1792 Times
Serious Vulnerabilities In PhotoPost ReviewPost January 2, 2022
Your community of users represents a wealth of knowledge. Now your users can help build and maintain your site by writing reviews of any product imaginable. With ReviewPost, you will quickly amass a valuable collection of user opinions about products that relate to your site. ReviewPost can even use your existing forum login system (if you have one) to keep your users from having to register twice, and makes an excellent companion to ReviewPost. PhotoPost ReviewPost are vulnerable to cross site scripting, SQL Injection, and Arbitrary File Upload. There is a new version of the software available and users are encouraged to upgrade.
Read This Article Article Read 1547 Times
Serious Vulnerabilities In PhotoPost Classifieds January 1, 2022
Add a full-featured user-to-user classified ads system to your website to connect buyers with sellers. No matter what your users interestes may be, they likely want to buy and sell items related to your site's topic, and PhotoPost Classifieds makes it easy. PhotoPost Classifieds is designed to integrate seamlessly into your current site design, and can even use your existing forum user database (if you have one) for one central login. PhotoPost Classifieds are vulnerable to cross site scripting, SQL Injection, and Arbitrary File Upload. There is a new version of the software available and users are encouraged to upgrade.
Read This Article Article Read 1398 Times
File Include Vulnerability In php-Calendar December 29, 2021
I was searching for a decent calendar which my group at school could use to keep track of events, etc. We were previously using localendar, which I didn't like and it had some problems. I found CST-Calendar which did most of what I wanted, but was rather ugly and missed some features others in the group wanted. So, I gradually re-wrote CST-Calendar since that project seems to have stopped work entirely. [ As quoted from their website ] This program includes several potentially very dangerous file include vulnerabilities. Since php-calendar is an open source calendar it has been said that some developers use the php-calendar in their own projects, thus potentially making their applications vulnerable as well.
Read This Article Article Read 1969 Times
Vulnerabilities In WHM Autopilot December 27, 2021
Started by a webhost looking for more out of a simple managment script, Brandee Diggs (Owner of Spinn A Web Cafe, Founder of Benchmark Designs) setout to build an internal management system that could handle the day to day operations of a normal hosting company. The key was to remove the need to constantly watch your orders and manage the installs. Alas, WHM AutoPilot was born. [ as quoted from their official website ] WHM Autopilot is vulnerable to a number of vulnerabilities such as cross site scripting, file inclusion, and information disclosure.
Read This Article Article Read 2377 Times
Critical Vulnerability In Help Center Live December 24, 2021
Help Center Live is a `Live` help desk system written in PHP using a MySql database backend that features Live Support, Trouble Tickets and FAQ within one project. This is a very popular application, especially with webhosts and other services. There lies two file include vulnerabilities (both remote and local) that could allow an attacker to execute malicious server side code on your webserver. Aditionally a cross site scripting issue was found in Help Center Live.
Read This Article Article Read 4554 Times
Cross Site Scripting In Psychostats December 22, 2021
PsychoStats is a statistics generator for games. Currently there is support for a handful of Half-Life "MODs" including Counter-Strike, Day of Defeat, and Natural Selection. PsychoStats gathers statistics from the log files that game servers create by reading through the logs and then calculating detailed statistics for players, maps, weapons and clans. These detailed statistics are stored in a MySQL database which are then viewed online from your website using a set of PHP web pages. Cross site scripting exists in Jason Morriss PsychoStats. This vulnerability exists due to user supplied input not being checked properly. This vulnerability could be used to steal cookie based authentication credentials within the scope of the current domain, or render hostile code in a victim's browser.
Read This Article Article Read 1494 Times
Results 51 - 10 of 10 Results per-page: 5 | 10 | 20 | 50