Search | Research | Contact Us Friday September 2, 2021
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 Multiple Invision Power Board Vulnerabilities
  3 eBay And Amazon Still Vulnerable
  4 When Small Mistakes Can Cause Big Problems
  5 Woltlab Burning Board SQL Injection Vulnerability
  6 Multiple Vulnerabilities In phpWebsite
  7 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  8 Critical Vulnerability In Help Center Live
  9 dbPowerAmp Buffer Overflow And DoS Vulnerabilities
10 Document Object Model Hijacking Explained
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Multiple Vulnerabilities In OpenBB April 24, 2022
OpenBB is a fast, lightweight, powerful bulletin board written in PHP/MySQL. Main features include: full customization via styles templates, instant messaging, private messaging, categories, member ranks, poll based threads, moderation, BB codes, thread notifications, Avatars, member lists, private forums and more. OpenBB is prone to several security issues such as SQL Injection, XSS, arbitrary command execution and more.
Read This Article Article Read 603 Times
phpBugTracker Multiple Vulnerabilities April 14, 2022
phpBugTracker is meant to be a replacement for Bugzilla. Simplicity in use and installation, Use templates to achieve presentation independence, Use a database abstraction layer to achieve database independence. phpBugTracker is a portable and powerful web-based bug tracking system. It is vulnerable to several issues including XSS, SQL injection and Script Injection. These issues can be used to expose and alter database information.
Read This Article Article Read 316 Times
Multiple Vulnerabilities in TikiWiki CMS Groupware April 11, 2022
Tiki CMS/Groupware (aka TikiWiki) is a powerful open-source Content Management System (CMS) and Groupware that can be used to create all sorts of Web applications, Sites, Portals, Intranets and Extranets. TikiWiki also works great as a Web-based collaboration tool. TikiWiki is a multi-purpose package with a lot of native options and sections that you can enable/disable as you need them. It is designed to be international, clean and extensible. TikiWiki incorporates all the features present in several excellent wiki systems available today plus a lot of new features and options, allowing your wiki application to be whatever you want it to be--from a simple wiki to a complex site for a whole user community with many intermediate steps. You can use TikiWiki as a forums site, a chatroom, for poll taking, and much more! There lies a number of vulnerabilities in TikiWiki though. These vulnerabilities include SQL Injection, Directory Traversal, Information Disclosre, Arbitrary File Upload, XSS, Script Injection and more.
Read This Article Article Read 356 Times
PhotoPost PHP Pro Multiple Vulnerabilities March 28, 2022
PhotoPost PHP Pro is a photo gallery script that allows users to share, upload and manage their photos. PhotoPost also integrates seamlessly into a number of large name forum systems such as Invision Power Board, phpBB, vBulletin, and many more. It is prone to a number of security issues which allow for attack on not only the PhotoPost installation, but also the forum it is integrated into. These vulnerabilities include SQL Injection, XSS, Denial Of Service and Script Injection. Most of the issues seem to be resolved in 4.7
Read This Article Article Read 369 Times
Invision Gallery SQL Injection Vulnerabilities March 22, 2022
Invision Gallery is a fully featured, powerful gallery system that is easy and fun to use! It plugs right into your existing Invision Power Board to create a seamless browsing experience for the users of your forum. Unfortunately Invision Gallery comes up very short in regards to user supplied input validation. Because of this an attacker can influence queries, and even use these issues to launch an attack against the IPB instalattion on which the gallery resides.
Read This Article Article Read 447 Times
Invision Power Top Site List SQL Injection Vulnerability March 21, 2022
Invision Power Top Site List is a flexible site ranking script written in PHP, the popular programming choice for web developers. Featuring an impressive feature set with a user-friendly interface your community will feel at home using the system. It is vulnerable to attack though through a fairly serious SQL Injection issue which may allow an attacker to query arbitrary information such as hashed admin credentials and more.
Read This Article Article Read 304 Times
phpBB 2.0.7a And Earlier Security Issues March 20, 2022
phpBB 2.0.7 and earlier have a number of security issues. One of these issues is SQL Injection and Cross Site Scripting in the admin panel. This is an issue that would take either admin access or a bit of social engineering for an attacker to use. But there is a far more serious problem in phpBB and that problem is lack of session authentication in certain parts of phpBB. This could allow for a malicious user to have an admin unknowingly execute undo-able actions in both the admin panel and the forum itself. This issue also affects users. Read this for more details.
Read This Article Article Read 722 Times
Mambo Open Source Multiple Vulnerabilities March 16, 2022
Mambo Open Source is the finest open source Web Content Management System available today. Mambo Open Source makes communicating via the Web easy. Have you always wanted to have your own site but never understood how? Well Mambo Open Source is just the ticket! With Mambo Open Source there is no need for HTML, XML or DHTML skills, just enter your content, add a picture and then through the easy to use administrator web-interface ...click Publish! Simple ... Quick ... And easy! With the in-built editor Mambo Open Source allows you to design and create your content without the need for HTML code. Maintaining a website has never been easier. Mambo Open Source is vulnerable to several attacks including cross site scripting as well as SQL Injection vulnerabilities.
Read This Article Article Read 392 Times
Multiple JelSoft vBulletin XSS Vulnerabilities March 15, 2022
JelSoft vBulletin is a powerful, scalable and fully customisable forums package for your web site. Based on the PHP language, and backed with a MySQL back-end database. It is one of the most popular forum systems in the world. It is also prone to several XSS (Cross Site Scripting) issues which may allow an attacker to disclose sensetive user information, and run code in the context of a victims web browser. Check the JelSoft website for any updates regarding this issue.
Read This Article Article Read 469 Times
Phorum 5.0.3 Beta And Earlier XSS Vulnerabilities March 15, 2022
Phorum is a popular web based message board written in PHP. Phorum is designed with high availability and visitor ease of use in mind. Features such as mailing list integration, easy customization and simple installation make Phorum a powerful add-in to any website. There are a number of XSS (Cross Site Scripting) issues in forum which may allow an attacker or malicious user to run code or script in the context of a users browser which could result in credential disclosure, and more.
Read This Article Article Read 267 Times
Results 56 - 10 of 10 Results per-page: 5 | 10 | 20 | 50