GulfTech Research And Development

Search | Research | Contact Us

Saturday September 10, 2021

Languages

Most Viewed Items

1	PHPXMLRPC Library Remote Code Execution
2	Multiple Invision Power Board Vulnerabilities
3	eBay And Amazon Still Vulnerable
4	When Small Mistakes Can Cause Big Problems
5	Woltlab Burning Board SQL Injection Vulnerability
6	Multiple Vulnerabilities In phpWebsite
7	XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
8	Critical Vulnerability In Help Center Live
9	dbPowerAmp Buffer Overflow And DoS Vulnerabilities
10	Document Object Model Hijacking Explained

Need Secure Code?

Developers, are you concerned with the security of your product? We offer a wide range of security assessment programs that are specifically aimed at making the security of your web applications above and beyond that of your competition, as well as most of the web applications available today. Our rates are very affordable, and our programs are among the most flexible. Don't put something as important as the security of your information in the hands of amateurs, you can't afford to. Contact us today for a free service estimate and consultation.

Quick Search

You can use the form below to search our site. Just enter the keywords to search.

Possible Security Issues In LiveWorld Products	August 23, 2021
LiveWorld provides collaborative services for online meetings, customer care, and loyalty marketing. Supporting communication between a company and its customers, employees, or partners and among those people themselves - our services help corporations cut costs, increase revenue, and solidify relationships with groups critical to their success. The affected products are beleived to be prone to Cross Site Scripting issues which allow a malicious user to steal sensitive data, temporarily deface a page, or render any malicious script in the context of the victim's browser. The software believed to be vulnerable is LiveForum, LiveQ&A;, and LiveFocusGroups. LiveWorld products are used on major websites such as HBO, eBay, and others.
Read This Article	Article Read 581 Times

BadBlue Web Server Denial of Service Vulnerability	August 20, 2021
BadBlue lets you run a no-hassle Web site on your own PC for free, including a domain name you can choose. Within seconds, you can transform your PC into a friendly, file-sharing Web server with all the power of a real server on the Internet. Remote users can search for files, explore your shared folders, and run full-blown applications created in HTML, PHP, Perl, and so on. This HTTP server is vulnerable to a Denial of Service attack. This attack can take place when a malicious user makes a certain number of connections to the server. Included is proof of concept code.
Read This Article	Article Read 356 Times

SubScan 1.3 DNS Enumeration Utility Released	August 18, 2021
After a way too long awaited release SubScan 1.3 is here. It is a beta copy, but works. I call it a beta because right now it is only for the Windows OS. I plan changing this in the very near future, but until then the source is available if you want to make it better. Some of the new features in SubScan 1.3 are netblock scans, deep scan, and a wildcard DNS option that helps ignore duplicate records. The deep scan is my favorite feature of the new release, and allows for the enumaration of up to one hundred times more DNS records than in SubScan 1.2. If you have any questions about this release you can get them answered on our forums. Please read the README file before asking any questions though
Read This Article	Article Read 744 Times

Invision Power Board IP Spoofing Vulnerability	June 16, 2022
Invision Power Board (IPB) is a professional forum system that has been built from the ground up with speed and security in mind, taking advantage of object oriented code, highly-optimized SQL queries, and the fast PHP engine. A comprehensive administration control panel is included to help you keep your board running smoothly. Moderators will also enjoy the full range of options available to them via built-in tools and moderators control panel. Members will appreciate the ability to subscribe to topics, send private messages, and perform a host of other options through the user control panel. It is used by millions of people over the world. There lies a vulnerability in all version of Invision Power Board that allow a user to spoof his/her IP address by creating a bogus X_FORWARDED_FOR HTTP Header entry. This condition can also be caused by a user unknowingly if they use a proxy to access the internet. For example, private LAN based IP's will be logged which are impossible to trace.
Read This Article	Article Read 687 Times

Multiple Vulnerabilities In PHPX 3.26 And Earlier	May 04, 2022
PHPX is a constantly evolving and changing Content Management System (CMS). PHPX is highly customizable and high powered all in one system. PHPX provides content management combined with the power of a portal by including in the core package modules such as FAQ, polls, and forums. PHPX uses dynamic-template-design, what this means is that you have the power to control what your site will look like. Themes are included, but not required. You can create the page however you want, and PHPX will just insert code where you want it. No more 3 columns if you donâ€™t want it! Written in the powerful server language, PHP, and utilizing the amazingly fast and secure database MySQL, PHPX is a great solution for all size website communities, at the best price possibleâ€¦free! Vulnerabilities are present in version(s) 3.2.6 and earlier and present themselves in the form of cross site scripting, path disclosure, and arbitrary command execution. Users are advised to upgrade immeadiately.
Read This Article	Article Read 304 Times

Results 51 - 5 of 5

Results per-page: 5 | 10 | 20 | 50

Terms of Use | Disclaimer | About GulfTech
Copyright 2005 GulfTech Research And Development, LLC. All Rights Reserved