Search | Research | Contact Us Sunday September 4, 2021
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 Multiple Invision Power Board Vulnerabilities
  3 eBay And Amazon Still Vulnerable
  4 When Small Mistakes Can Cause Big Problems
  5 Woltlab Burning Board SQL Injection Vulnerability
  6 Multiple Vulnerabilities In phpWebsite
  7 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  8 Critical Vulnerability In Help Center Live
  9 dbPowerAmp Buffer Overflow And DoS Vulnerabilities
10 Document Object Model Hijacking Explained
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Invision Gallery Vulnerabilities June 09, 2022
Invision Gallery is a community based gallery software that can be integrated into Invision Power Board. There are several security issues in Invision Gallery that may allow for an attacker to force a user into unknowingly / unwillingly perform actions on behalf of an attacker, or an attacker may influence SQL queries and retrieve sensitive information contained within the underlying database. An upgrade has been released for several weeks now and all users should upgrade their gallery installations as soon as possible.
Read This Article Article Read 531 Times
Invision Community Blog Vulnerabilities June 07, 2022
Invision Blog is a community based blogging software that can be integrated into Invision Power Board. There are several dangerous SQL Injection vulnerabilities, as well as a cross site scripting vulnerability. These vulnerabilities could allow for an attacker to gain access to sensitive data such as password information and render hostile script in the context of a victims browser which could lead to disclosure of sensitive data such as cookie data.
Read This Article Article Read 399 Times
Format String Vulnerability In Peercast May 28, 2022
Peercast is a popular p2p streaming media server (similar to shoutcast). There is a serious security issue in peercast versions 0.1211 and earlier that may allow for an attacker to execute arbitrary code on the remote target with the privileges of the user running peercast (usually administrator) or crash the vulnerable server. There is an updated version of peercast available and all users should upgrade as soon as possible.
Read This Article Article Read 782 Times
Help Center Live Vulnerabilities May 17, 2022
Help Center Live is a `Live` help desk system written in PHP using a MySql database backend that features Live Support, Trouble Tickets and FAQ within one project. This is a very popular application, especially with webhosts and other services. Unfortunately Help Center Live is vulnerable to Sql injection, Script Injection, and Cross Site Scripting attacks, but the most serious of the vulnerabilities mentioned (The SQL Injection attacks) require magic_quotes_gpc to be set to off.
Read This Article Article Read 426 Times
Woltlab Burning Board SQL Injection Vulnerability May 16, 2022
Burning Board is a popular, multi purpose forum / community software offered by WoltLab GmbH. There is an SQL Injection vulnerability in Burning Board 2.* and earlier that allows for an attacker to influence SQL Queries and possibly query arbitrary data from the database, such as admin password hashes. The developers are said to have made a patch available as of late last week, and all users should upgrade their Burning Board installations as soon as possible.
Read This Article Article Read 1855 Times
Yappa-NG Multiple Vulnerabilities May 11, 2022
Yappa-NG is the second generation (new and improved) version of Yappa (yet another php photo album). There are several vulnerabilities in Yappa-NG that may allow an attacker to possibly take control of the vulnerable server. In order to exploit these vulnerabilities register_globals must be on. An updated version of Yappa-NG is available, and users should upgrade as soon as possible.
Read This Article Article Read 379 Times
Multiple Invision Power Board Vulnerabilities May 5, 2022
Invision Power Board (IPB) is a professional forum system that has been built from the ground up with speed and security in mind. It is used by a great many people all over the world. All versions of Invision Power Board are vulnerable to a serious SQL Injection vulnerability. An attacker does not have to be logged in, or even have access or permission to view the forums in order to exploit this vulnerability. Users should upgrade immediately.
Read This Article Article Read 2407 Times
Multiple SitePanel2 Vulnerabilities May 3, 2022
SitePanel2 is a helpdesk / trouble ticket / support system used by businesses and individuals alike. There are a number of vulnerabilities in SitePanel2, some of which are fairly serious. If an attacker is able to successfully exploit these vulnerabilities in SitePanel2 he may be able to successfully compromise user accounts or completely compromise the target web server. A security patch has been released to address these issues and all users are strongly encouraged to upgrade their SitePanel2 installations as soon as possible.
Read This Article Article Read 504 Times
Multiple Vulnerabilities In osTicket May 2, 2022
osTicket is a widely-used open source support ticket system. It is a lightweight support ticket tool written mainly using PHP scripting language. There are several vulnerabilities in the osTicket software that may allow for an attacker to take control of the affected web server, disclose sensitive data from the database, or read arbitrary files. These issues have been reported to the developers and a new updated version of osTicket is available for download. All affected users should upgrade their osTicket installations immediately.
Read This Article Article Read 811 Times
phpBB Notes Mod SQL Injection Vulnerability April 27, 2022
oxpus.de author many popular modules and hacks for the amazingly popular phpBB software. One of these modules allows users to keep their own personal memo pad of sorts in the usercp. This particular mod comes standard with packages like orion_phpbb and others. This "notes" module is vulnerable to a serious SQL Injection vulnerability that will allow for an attacker to pull sensitive information from the underlying database, and possibly compromise the integrity of the affected phpBB installation.
Read This Article Article Read 822 Times
Multiple eGroupware Vulnerabilities April 20, 2022
eGroupware is a very popular open source web based collaboration software that can be used within an intranet, or externally via the internet to build a community and/or help coordinate large projects. eGroupware also comes pre packaged in some linux distributions. GulfTech Security Research has found a few high risk SQL Injection vulnerabilities as well as Cross Site Scripting vulnerabilities. A new version of eGroupware is now available and all eGroupware users should upgrade immediately. Not only does the new eGroupware release address these security issues, but it also includes a number of bugfixes!
Read This Article Article Read 604 Times
Multiple Security Issues Found In AZBB April 19, 2022
azbb is a forum that was written with a primary focus on security. azbb does not require a database such as MySQL, PostGres or MSSQL and can even be used as a blog, or portal of sorts. Unfortunately there are a number of security issues in AZBB versions prior to 1.0.08, but none of these issues are considered "high risk". However, the developer has addressed these issues and all users should upgrade to the current 1.0.08 version. These vulnerabilities include file enumeration, arbitrary file deletion, and file inclusion.
Read This Article Article Read 355 Times
Multiple ModernBill 4.3.0 And Earlier Vulnerabilities April 10, 2022
ModernBill is a widely used billing and management software used by webhosts to manage billing and financial data. ModernBill is prone to remote file inclusion and cross site scripting in version prior to 4.3.1. These vulnerabilities could allow for an attacker to execute client side code in the context of the victims web browser, steal sensitive user data, and run system commands remotely on the affected web server. A fixed version is available and users are advised to upgrade immediately.
Read This Article Article Read 802 Times
Double Choco Latte Vulnerabilities April 8, 2022
Double Choco Latte is a GNU Enterprise package that provides basic project management capabilities, time tracking on tasks, call tracking, email notifications, online documents, statistical reports, a report engine, and more features are either working or being developed/planned. It can be displayed inside of a phpGroupWare installation or be used stand-alone. It is licensed under the GPL (GNU Public License), which means it is free to study, distribute, modify, and use. Double Choco Latte 0.9.4 .3 and earlier are prone to php code execution vulnerabilities which allows an attacker to run php code with privileges of the webserver.
Read This Article Article Read 361 Times
phpCoin Multiple Vulnerabilities March 29, 2022
phpCoin is a free software package originally designed for web-hosting resellers to handle clients, orders, invoices, notes and helpdesk. phpCoin versions 1.2.1b and earlier are prone to multiple vulnerabilities such as SQL Injection and File Inclusion vulnerabilities. A new version has been released, and users should upgrade as soon as possible. Updated packages can be found at the official phpCoin website, located at http://www.phpcoin.com Thanks to the developers for a quick resolution to these issues!
Read This Article Article Read 536 Times
eBay And Amazon Still Vulnerable January 4, 2022
With the holidays over and everyone heading back to work many people are breathing a sigh of relief. With the holiday rush over, and a new year ahead you probably give no thought to the question of "Was my online holiday shopping done safely and securely?". Unfortunately the answer to this question could very well be no. Despite millions and millions of dollars being spent each and every year by big name online ecommerce outfits a good number still remains vulnerable to security flaws.
Read This Article Article Read 2179 Times
Multiple Vulnerabilities In PhotoPost Pro January 3, 2022
PhotoPost was designed to help you give your users exactly what they want. Your users will be thrilled to finally be able to upload and display their photos for your entire community to view and discuss, all with no more effort than it takes to post a text message to a forum. If you already have a forum (vBulletin, UBB Threads, phpBB, DCForum, or InvisionBoard), you'll appreciate that PhotoPost was designed to seamlessly integrate into your site without the need for your users to register twice and maintain two logins. PhotoPost Pro is vulnerable to some serious SQL Injection issues as well as cross site scripting. An update is available and all users should upgrade now.
Read This Article Article Read 849 Times
Serious Vulnerabilities In PhotoPost ReviewPost January 2, 2022
Your community of users represents a wealth of knowledge. Now your users can help build and maintain your site by writing reviews of any product imaginable. With ReviewPost, you will quickly amass a valuable collection of user opinions about products that relate to your site. ReviewPost can even use your existing forum login system (if you have one) to keep your users from having to register twice, and makes an excellent companion to ReviewPost. PhotoPost ReviewPost are vulnerable to cross site scripting, SQL Injection, and Arbitrary File Upload. There is a new version of the software available and users are encouraged to upgrade.
Read This Article Article Read 652 Times
Serious Vulnerabilities In PhotoPost Classifieds January 1, 2022
Add a full-featured user-to-user classified ads system to your website to connect buyers with sellers. No matter what your users interestes may be, they likely want to buy and sell items related to your site's topic, and PhotoPost Classifieds makes it easy. PhotoPost Classifieds is designed to integrate seamlessly into your current site design, and can even use your existing forum user database (if you have one) for one central login. PhotoPost Classifieds are vulnerable to cross site scripting, SQL Injection, and Arbitrary File Upload. There is a new version of the software available and users are encouraged to upgrade.
Read This Article Article Read 510 Times
File Include Vulnerability In php-Calendar December 29, 2021
I was searching for a decent calendar which my group at school could use to keep track of events, etc. We were previously using localendar, which I didn't like and it had some problems. I found CST-Calendar which did most of what I wanted, but was rather ugly and missed some features others in the group wanted. So, I gradually re-wrote CST-Calendar since that project seems to have stopped work entirely. [ As quoted from their website ] This program includes several potentially very dangerous file include vulnerabilities. Since php-calendar is an open source calendar it has been said that some developers use the php-calendar in their own projects, thus potentially making their applications vulnerable as well.
Read This Article Article Read 803 Times
Results 16 - 20 of 20 Results per-page: 5 | 10 | 20 | 50