Search | WebPortal | Contact Us
Recent News
Languages


Search
You can use the form below to search our site. Just enter the keywords to search.










Invision Power Top Site List SQL Injection Vulnerability March 21, 2022
Invision Power Top Site List is a flexible site ranking script written in PHP, the popular programming choice for web developers. Featuring an impressive feature set with a user-friendly interface your community will feel at home using the system. It is vulnerable to attack though through a fairly serious SQL Injection issue which may allow an attacker to query arbitrary information such as hashed admin credentials and more.
Read This Article Article Read 154 Times


phpBB 2.0.7a And Earlier Security Issues March 20, 2022
phpBB 2.0.7 and earlier have a number of security issues. One of these issues is SQL Injection and Cross Site Scripting in the admin panel. This is an issue that would take either admin access or a bit of social engineering for an attacker to use. But there is a far more serious problem in phpBB and that problem is lack of session authentication in certain parts of phpBB. This could allow for a malicious user to have an admin unknowingly execute undo-able actions in both the admin panel and the forum itself. This issue also affects users. Read this for more details.
Read This Article Article Read 387 Times


Mambo Open Source Multiple Vulnerabilities March 16, 2022
Mambo Open Source is the finest open source Web Content Management System available today. Mambo Open Source makes communicating via the Web easy. Have you always wanted to have your own site but never understood how? Well Mambo Open Source is just the ticket! With Mambo Open Source there is no need for HTML, XML or DHTML skills, just enter your content, add a picture and then through the easy to use administrator web-interface ...click Publish! Simple ... Quick ... And easy! With the in-built editor Mambo Open Source allows you to design and create your content without the need for HTML code. Maintaining a website has never been easier. Mambo Open Source is vulnerable to several attacks including cross site scripting as well as SQL Injection vulnerabilities.
Read This Article Article Read 186 Times


Multiple JelSoft vBulletin XSS Vulnerabilities March 15, 2022
JelSoft vBulletin is a powerful, scalable and fully customisable forums package for your web site. Based on the PHP language, and backed with a MySQL back-end database. It is one of the most popular forum systems in the world. It is also prone to several XSS (Cross Site Scripting) issues which may allow an attacker to disclose sensetive user information, and run code in the context of a victims web browser. Check the JelSoft website for any updates regarding this issue.
Read This Article Article Read 195 Times


Phorum 5.0.3 Beta And Earlier XSS Vulnerabilities March 15, 2022
Phorum is a popular web based message board written in PHP. Phorum is designed with high availability and visitor ease of use in mind. Features such as mailing list integration, easy customization and simple installation make Phorum a powerful add-in to any website. There are a number of XSS (Cross Site Scripting) issues in forum which may allow an attacker or malicious user to run code or script in the context of a users browser which could result in credential disclosure, and more.
Read This Article Article Read 110 Times


phpBB 2.0.6d && Earlier Security Issues March 12, 2022
phpBB is a great forum system used by many millions of people. It is one of the more secure of the forum systems, but has a few issues still present; both of which allow for XSS (Cross Site Scripting). This problem presents itself in two different places. One of these places is viewtopic.php and the other is viewforum.php Shown are examples along with a brief explanation on how to replicate this issue. I have also released a fix, and will post official patch information as soon as it is made available. Thanks to the phpBB team for thier quick response!
Read This Article Article Read 231 Times


Non Critical Invision Power Board Vulnerabilities March 02, 2022
This is being released in response to the "vulnerability" recently discovered in Invision Power Board as seen here. We found a very similar vulnerability at the end of last year while researching IPB, but did not report it publicly as we did not see it as exploitable. We recently contacted BugTraq about this but the message was never published or rejected. Long story short you can find details of this "vulnerability" within. Also in this post is a flaw we discovered late last year that discloses the installation path in Invision Power Board. Neither of these vulnerabilities are critical and webmasters need not be alarmed. Upgrade is advised though as soon as a fix is available.
Read This Article Article Read 122 Times


Possible Credential Exposure In Trillian Pro v2.01 March 01, 2022
Trillian is a multinetwork chat client that currently supports mIRC, AIM, ICQ, MSN, and Yahoo Messenger. It supports docking, multiline edit boxes, buddy alerts, multiple connections to the same medium, a powerful skinning language, easy importing of your existing contacts, skinnable emoticons, logging, global away/invisible features, and a unified contact list. It has a direct connection for AIM, support for user profiles, complete type formatting, buddy icons, proxy support, emotisounds, encrypted instant messaging to ICQ and AIM, AIM group chats, and shell extensions for file transfers. Unfortunately the automated email checking feature in Trillian leaves behind user credintials in a temporary file. To make matters worse these credentials are stored in the temporary file in plaintext, and may be accessed by other users on the host, or network depending on user permissions.
Read This Article Article Read 112 Times


Multiple Vulnerabilities In phpShop January 15, 2022
phpShop is a PHP-based e-commerce application and PHP development framework. phpShop offers the basic features needed to run a successful e-commerce web site and to extend its capabilities for multiple purposes. phpShop uses a nice development framework that allows web developers to easily extend its functionality through the use of modules. Its web-box architecture makes it easy to understand and work with, while providing powerful function management capabilities for your web application needs. It is one of the most popular php SQL driven e-commerce solutions available today. There are several vulnerabilities present in phpShop. The vulnerabilities are believed to affect all versions of phpShop currently distributed, and include SQL Injection, Arbitrary Customer Information Disclosure, Cross Site Scripting, and Script Injection. A fix for these vulnerabilities should be available shortly. Please visit the official phpShop website for more details as they are made available.
Read This Article Article Read 207 Times


Multiple Vulnerabilities In phpGedView January 13, 2022
The phpGedView project parses GEDCOM 5.5 genealogy files and displays them on the Internet in a format similar to PAF. It is one of the top 10 most popular projects at SourceForge. However, in addition to the vulnerabilities found by Vietnamese Security Group last week in phpGedView, GulfTech Security Research has also found a number of vulnerabilities which are now fixed in the latest beta release. These issues include SQL injection vulnerabilities, path disclosure vulnerabilities, cross site scriting vulnerabilities, and a denial of service vulnerability. Users are strongly encouraged to upgrade.
Read This Article Article Read 142 Times


Multiple MetaDot Vulnerabilities Found January 12, 2022
MetaDot is a very popular Open Source portal application written in Perl and powered by MySql. It's users range from home users to the likes of governments, banks, universities and even NASA ;) It has been found to be prone to SQL Injection, and XSS attacks due to not properl validating the user supplied input that it receives. It also divulges a great deal of information about it's host when calling certain invalid arguments. These vulnerabilities are believed to affect all versions including 5.6.5.4b5 and below. The MetaDot Corporation team has addresses the issues in the latest version though, and users are strongly encouraged to upgrade as soon as possible.
Read This Article Article Read 117 Times


Vulnerabilities In PostNuke 0.726 Phoenix January 03, 2022
PostNuke is a popular Open Source CMS (Content Management System) used by millions of people all across the world. GulfTech Security Research has recendly found a couple of vulnerabilities in the popular open source CMS (Content Managment System) PostNuke. Versions affected are 0.726 Phoenix and though not confirmed older versions may be affected as well. These vulnerabilities have been resolved by the developers very promptly and a patch is available at the official PostNuke website. The vulnerabilities discovered are SQL Injection and Cross Site Scripting. More details of the vulnerabilities available .
Read This Article Article Read 143 Times


Multiple osCommerce Vulnerabilities December 22, 2021
GulfTech Security Research has found yet more vulnerabilities in the popular ecommerce product osCommerce. These vulnerabilities include SQL Injection, Denial Of Service, and Cross Site Scripting. While there has been several vulnerabilities found in this product by us lately, I would like to point out that these finds only make for a more secure product. I do think that the next release of osCommerce (MS3) will be one of the most secure ecommerce products around. The osCommerce development team have been prompt in resolving these issues. Anyway, check out the full detailed report inside and the osCommerce website for a fix :o)
Read This Article Article Read 334 Times


Multiple vulnerabilities in ASPapp Products December 18, 2021
ASPapp offers a wide range of web applications written in .asp Amongst them is the fairly popular AspApp Portal. Several of these products have very weak security and can allow an attacker to completely take over an affected portal or site running the vulnerable software. The vulnerabilities include Script Injection, Account Hijacking, Privilege Escalation, Cross Site Scripting, and Plaintext Authentication Credentials.
Read This Article Article Read 96 Times


Autorank PHP SQL Injection Vulnerability December 18, 2021
Autorank PHP is a widely used topsite script offered by JMB Software. It is vulnerable to SQL Injection attacks in the "accounts.php" file. These vulnerabilities can be exploited by a malicious user via the lost password form, account edit form, or the registration form. The vulnerabilities leave user accounts open to compromise as well as the entire database that is being used for a particular top site.
Read This Article Article Read 120 Times


osCommerce Malformed Session ID XSS Vulnerability December 17, 2021
osCommerce is a very powerful open source e-commerce solution. It has been found however to be vulnerable to an XSS vuln due to the session id parameter not being properly sanitized. This seems to take place only over a secure, SSL connection, however it is believed to affect even regular http connections in the current CVS version. In some cases (namely the CVS version) the full path of the web directory may also be exposed when exploiting this vulnerability.
Read This Article Article Read 113 Times


Multiple Vulnerabilities In Aardvark Topsites December 16, 2021
Aardvark Topsites is a very powerful, and popular Topsites Ranking web application. Versions prior to 4.1.1 are vulnerable to a number of issues though. These issues include SQL Injection, Path Disclosure, Plaintext Weaknesses, and information disclosure vulnerabilities. You can update your Aardvark Topsite at the official download site. All users should upgrade as soon as possible.
Read This Article Article Read 100 Times


Invision Power Board SQL Injection Vulnerability December 16, 2021
Invision Power Board is one of the most popular and powerful forums available today. It is used by millions of people worldwide and businesses alike. There is however an SQL Injection vulnerability that affects ALL versions (even the non public releases). The people at Invision power were very prompt and professional in addressing the issue and there is now an available fix less than a week after I discovered the vulnerability. Details and a link to the fix are available in the report by GulfTech Security Research.
Read This Article Article Read 183 Times


Invision Power Top Site List SQL Injection December 15, 2021
Invision Power Top Site List is a flexible site ranking script written in PHP. Featuring an impressive feature set with a user-friendly interface. However It is vulnerable to SQL injection. This flaw is hard to exploit, thus it will not be addressed until the next release of the Invision Power Top Site List. No patches or immediate upgrade will be released.
Read This Article Article Read 99 Times


Multiple Vulnerabilities In DU Ware Products December 15, 2021
DU Ware are a company that offers a very large number of web based applications for both purchase and free download. Their products are vulnerable to a substantial number of attacks, and contain many weaknesses. This includes but is not limited to: Account HiJacking, Code Execution, Arbitrary File Upload, Privilege Escalation and more. There are currently no fixes for these issues, and no patches will be issued. I guess thier customers will have to wait til the new software versions to have thier data and servers be secure.
Read This Article Article Read 108 Times




back 1 2 3 4 - Next Results per-page: 5 | 10 | 20 | 50
Results 31 - 50 of 64 Page 2.5 of 4




Copyright 2004 GulfTech Research And Development, All Rights Reserved