|
Mambo Open Source Multiple Vulnerabilities
|
March 16, 2022 |
|
Mambo Open Source is the finest open source Web Content Management
System available today. Mambo Open Source makes communicating via
the Web easy. Have you always wanted to have your own site but never
understood how? Well Mambo Open Source is just the ticket! With Mambo
Open Source there is no need for HTML, XML or DHTML skills, just enter
your content, add a picture and then through the easy to use
administrator web-interface ...click Publish! Simple ... Quick ... And
easy! With the in-built editor Mambo Open Source allows you to design
and create your content without the need for HTML code. Maintaining a
website has never been easier. Mambo Open Source is vulnerable to
several attacks including cross site scripting as well as SQL Injection
vulnerabilities.
|
|
Read This Article
|
Article Read 228 Times |
|
Multiple JelSoft vBulletin XSS Vulnerabilities
|
March 15, 2022 |
|
JelSoft vBulletin is a powerful, scalable and fully customisable
forums package for your web site. Based on the PHP language, and
backed with a MySQL back-end database. It is one of the most
popular forum systems in the world. It is also prone to several
XSS (Cross Site Scripting) issues which may allow an attacker to
disclose sensetive user information, and run code in the context
of a victims web browser. Check the JelSoft website for any updates
regarding this issue.
|
|
Read This Article
|
Article Read 272 Times |
|
Phorum 5.0.3 Beta And Earlier XSS Vulnerabilities
|
March 15, 2022 |
|
Phorum is a popular web based message board written in PHP. Phorum is designed with high availability and visitor ease of use in mind. Features such as mailing list integration, easy customization and simple installation make Phorum a powerful add-in to any website. There are a number of XSS (Cross Site Scripting) issues in forum which may allow an attacker or malicious user to run code or script in the context of a users browser which could result in credential disclosure, and more.
|
|
Read This Article
|
Article Read 148 Times |
|
phpBB 2.0.6d && Earlier Security Issues
|
March 12, 2022 |
|
phpBB is a great forum system used by many millions of people. It is one of the more secure of the forum systems, but has a few issues still present; both of which allow for XSS (Cross Site Scripting). This problem presents itself in two different places. One of these places is viewtopic.php and the other is viewforum.php Shown are examples along with a brief explanation on how to replicate this issue. I have also released a fix, and will post official patch information as soon as it is made available. Thanks to the phpBB team for thier quick response!
|
|
Read This Article
|
Article Read 278 Times |
|
Non Critical Invision Power Board Vulnerabilities
|
March 02, 2022 |
|
This is being released in response to the "vulnerability" recently
discovered in Invision Power Board as seen here. We found a very
similar vulnerability at the end of last year while researching IPB,
but did not report it publicly as we did not see it as exploitable.
We recently contacted BugTraq about this but the message was never
published or rejected. Long story short you can find details of this
"vulnerability" within. Also in this post is a flaw we discovered
late last year that discloses the installation path in Invision Power
Board. Neither of these vulnerabilities are critical and webmasters
need not be alarmed. Upgrade is advised though as soon as a fix is
available.
|
|
Read This Article
|
Article Read 160 Times |
|
