phpBB 2.0.6d && Earlier Security Issues	March 12, 2022
phpBB is a great forum system used by many millions of people. It is one of the more secure of the forum systems, but has a few issues still present; both of which allow for XSS (Cross Site Scripting). This problem presents itself in two different places. One of these places is viewtopic.php and the other is viewforum.php Shown are examples along with a brief explanation on how to replicate this issue. I have also released a fix, and will post official patch information as soon as it is made available. Thanks to the phpBB team for thier quick response!
Read This Article	Article Read 434 Times

Non Critical Invision Power Board Vulnerabilities	March 02, 2022
This is being released in response to the "vulnerability" recently discovered in Invision Power Board as seen here. We found a very similar vulnerability at the end of last year while researching IPB, but did not report it publicly as we did not see it as exploitable. We recently contacted BugTraq about this but the message was never published or rejected. Long story short you can find details of this "vulnerability" within. Also in this post is a flaw we discovered late last year that discloses the installation path in Invision Power Board. Neither of these vulnerabilities are critical and webmasters need not be alarmed. Upgrade is advised though as soon as a fix is available.
Read This Article	Article Read 373 Times

Possible Credential Exposure In Trillian Pro v2.01	March 01, 2022
Trillian is a multinetwork chat client that currently supports mIRC, AIM, ICQ, MSN, and Yahoo Messenger. It supports docking, multiline edit boxes, buddy alerts, multiple connections to the same medium, a powerful skinning language, easy importing of your existing contacts, skinnable emoticons, logging, global away/invisible features, and a unified contact list. It has a direct connection for AIM, support for user profiles, complete type formatting, buddy icons, proxy support, emotisounds, encrypted instant messaging to ICQ and AIM, AIM group chats, and shell extensions for file transfers. Unfortunately the automated email checking feature in Trillian leaves behind user credintials in a temporary file. To make matters worse these credentials are stored in the temporary file in plaintext, and may be accessed by other users on the host, or network depending on user permissions.
Read This Article	Article Read 271 Times

Multiple Vulnerabilities In phpShop	January 15, 2022
phpShop is a PHP-based e-commerce application and PHP development framework. phpShop offers the basic features needed to run a successful e-commerce web site and to extend its capabilities for multiple purposes. phpShop uses a nice development framework that allows web developers to easily extend its functionality through the use of modules. Its web-box architecture makes it easy to understand and work with, while providing powerful function management capabilities for your web application needs. It is one of the most popular php SQL driven e-commerce solutions available today. There are several vulnerabilities present in phpShop. The vulnerabilities are believed to affect all versions of phpShop currently distributed, and include SQL Injection, Arbitrary Customer Information Disclosure, Cross Site Scripting, and Script Injection. A fix for these vulnerabilities should be available shortly. Please visit the official phpShop website for more details as they are made available.
Read This Article	Article Read 410 Times

Multiple Vulnerabilities In phpGedView	January 13, 2022
The phpGedView project parses GEDCOM 5.5 genealogy files and displays them on the Internet in a format similar to PAF. It is one of the top 10 most popular projects at SourceForge. However, in addition to the vulnerabilities found by Vietnamese Security Group last week in phpGedView, GulfTech Security Research has also found a number of vulnerabilities which are now fixed in the latest beta release. These issues include SQL injection vulnerabilities, path disclosure vulnerabilities, cross site scriting vulnerabilities, and a denial of service vulnerability. Users are strongly encouraged to upgrade.
Read This Article	Article Read 332 Times

Multiple MetaDot Vulnerabilities Found	January 12, 2022
MetaDot is a very popular Open Source portal application written in Perl and powered by MySql. It's users range from home users to the likes of governments, banks, universities and even NASA ;) It has been found to be prone to SQL Injection, and XSS attacks due to not properl validating the user supplied input that it receives. It also divulges a great deal of information about it's host when calling certain invalid arguments. These vulnerabilities are believed to affect all versions including 5.6.5.4b5 and below. The MetaDot Corporation team has addresses the issues in the latest version though, and users are strongly encouraged to upgrade as soon as possible.
Read This Article	Article Read 294 Times

Vulnerabilities In PostNuke 0.726 Phoenix	January 03, 2022
PostNuke is a popular Open Source CMS (Content Management System) used by millions of people all across the world. GulfTech Security Research has recendly found a couple of vulnerabilities in the popular open source CMS (Content Managment System) PostNuke. Versions affected are 0.726 Phoenix and though not confirmed older versions may be affected as well. These vulnerabilities have been resolved by the developers very promptly and a patch is available at the official PostNuke website. The vulnerabilities discovered are SQL Injection and Cross Site Scripting. More details of the vulnerabilities available .
Read This Article	Article Read 327 Times

Multiple osCommerce Vulnerabilities	December 22, 2021
GulfTech Security Research has found yet more vulnerabilities in the popular ecommerce product osCommerce. These vulnerabilities include SQL Injection, Denial Of Service, and Cross Site Scripting. While there has been several vulnerabilities found in this product by us lately, I would like to point out that these finds only make for a more secure product. I do think that the next release of osCommerce (MS3) will be one of the most secure ecommerce products around. The osCommerce development team have been prompt in resolving these issues. Anyway, check out the full detailed report inside and the osCommerce website for a fix :o)
Read This Article	Article Read 853 Times

Multiple vulnerabilities in ASPapp Products	December 18, 2021
ASPapp offers a wide range of web applications written in .asp Amongst them is the fairly popular AspApp Portal. Several of these products have very weak security and can allow an attacker to completely take over an affected portal or site running the vulnerable software. The vulnerabilities include Script Injection, Account Hijacking, Privilege Escalation, Cross Site Scripting, and Plaintext Authentication Credentials.
Read This Article	Article Read 224 Times

Autorank PHP SQL Injection Vulnerability	December 18, 2021
Autorank PHP is a widely used topsite script offered by JMB Software. It is vulnerable to SQL Injection attacks in the "accounts.php" file. These vulnerabilities can be exploited by a malicious user via the lost password form, account edit form, or the registration form. The vulnerabilities leave user accounts open to compromise as well as the entire database that is being used for a particular top site.
Read This Article	Article Read 291 Times

osCommerce Malformed Session ID XSS Vulnerability	December 17, 2021
osCommerce is a very powerful open source e-commerce solution. It has been found however to be vulnerable to an XSS vuln due to the session id parameter not being properly sanitized. This seems to take place only over a secure, SSL connection, however it is believed to affect even regular http connections in the current CVS version. In some cases (namely the CVS version) the full path of the web directory may also be exposed when exploiting this vulnerability.
Read This Article	Article Read 275 Times

Multiple Vulnerabilities In Aardvark Topsites	December 16, 2021
Aardvark Topsites is a very powerful, and popular Topsites Ranking web application. Versions prior to 4.1.1 are vulnerable to a number of issues though. These issues include SQL Injection, Path Disclosure, Plaintext Weaknesses, and information disclosure vulnerabilities. You can update your Aardvark Topsite at the official download site. All users should upgrade as soon as possible.
Read This Article	Article Read 243 Times

Invision Power Board SQL Injection Vulnerability	December 16, 2021
Invision Power Board is one of the most popular and powerful forums available today. It is used by millions of people worldwide and businesses alike. There is however an SQL Injection vulnerability that affects ALL versions (even the non public releases). The people at Invision power were very prompt and professional in addressing the issue and there is now an available fix less than a week after I discovered the vulnerability. Details and a link to the fix are available in the report by GulfTech Security Research.
Read This Article	Article Read 427 Times

Invision Power Top Site List SQL Injection	December 15, 2021
Invision Power Top Site List is a flexible site ranking script written in PHP. Featuring an impressive feature set with a user-friendly interface. However It is vulnerable to SQL injection. This flaw is hard to exploit, thus it will not be addressed until the next release of the Invision Power Top Site List. No patches or immediate upgrade will be released.
Read This Article	Article Read 234 Times

Multiple Vulnerabilities In DU Ware Products	December 15, 2021
DU Ware are a company that offers a very large number of web based applications for both purchase and free download. Their products are vulnerable to a substantial number of attacks, and contain many weaknesses. This includes but is not limited to: Account HiJacking, Code Execution, Arbitrary File Upload, Privilege Escalation and more. There are currently no fixes for these issues, and no patches will be issued. I guess thier customers will have to wait til the new software versions to have thier data and servers be secure.
Read This Article	Article Read 241 Times

Security Issues In CGINews And CGIForum	December 14, 2021
CGINews and CGIForum are two fairly popular scripts by Markus Triska. CGINews is a multi-user Web site news posting system written in Perl. And CGIForum is A template based discussion board also written in Perl. However they both rely on a very weak encryption algorithm that can be decrypted easily. The author has no plans on switching to a more secure one way encryption, so if security is a concern try another forum system.
Read This Article	Article Read 231 Times

osCommerce 2.2-MS1 SQL Injection Vulnerability	December 12, 2021
osCommerce is one of the most popular Open Source e-commerce solutions in the world today. It comes with many out of the box features and is constantly being developed by the Open Source Community. Recently GulfTech Security Research has discovered an SQL Injection vuln in the create_account_process.php and the account_edit_process.php files. This vulnerability is present in osCommerce 2.2-MS1 but does not appear to be an issue in osCommerce 2.2-MS2. Advice to all osCommerce shop owners is to upgrade to the latest version of osCommerce by clicking here.
Read This Article	Article Read 410 Times

Multiple Vulnerabilities In Snitz Forums 2000	June 16, 2022
Snitz forums is a full-featured UBB-style ASP discussion board application used by thousands of people across the web. Recently I found many serious vulnerabilities in this application that may allow an attacker to take over an entire Snitz forum. The vulnerabilities include cross site scripting issues, cookie authentication bypass vulnerability, and a password reset vulnerability. Users are encouraged to upgrade as soon as possible.
Read This Article	Article Read 574 Times

Multiple Vulnerabilities In Max Web Portal	June 06, 2022
MaxWebPortal is a web portal and online community system which includes advanced features such as web-based administration, poll, private/public events calendar, user customizable color themes, classifieds, user control panel, online pager, link, file, article, picture managers and much more. Easy-to-use and powerful user interface allows members to add news, content, write reviews and share information among other registered users. MaxWebPortal has multiple vulnerabilities which include cross site scripting, hidden form weaknesses, Database exposure, and a password reset vulnerability.
Read This Article	Article Read 368 Times

QPC MegaBrowser Multiple Vulnerabilities	June 04, 2022
QPC MegaBrowser is a webserver / FTP server in one. Aimed at home users and small business who would like to run their own FTP and HTTP servers. However it is vulnerable to a directory traversal vulnerability which allows access to any file on the system as well as directory viewing of the root web directory. There is also a user enumeration vulnerability in the FTP server that allows an attacker to enumerate valid usernames.
Read This Article	Article Read 219 Times

Vulns In Pablo Software Solutions FTP Service 1.2	June 03, 2022
FTPService.exe is a service-version of Pablo's FTP Server. This service enables you to have the Pablo FTP server active even when you're not logged into Windows. By default this application is totally open to compromise, and also leaves the users machine open to attacks by allowing access to any file in the C drive. This can be prevented by changing privileges of, or disabling access to the anonymous account. The passwords for Pablo FTP Service are also stored in plaintext, which can definitely be a big threat if the default anonymous account is enabled.
Read This Article	Article Read 272 Times

WinMX Plaintext Password Vulnerabilities	June 02, 2022
WinMX 2.6 is an older version of the popular file sharing client WinMX. While the current version is 3.31, 2.6 still remains quite popular. Especially amongst users on private networks. I believe this is largely due to the fact that 2.6 does not have the option to output .wsx file (WinMX server list files) This helps keep the addresses for private OpenNap servers out of the hands of uninvited users (amongst other reasons). The problems with WinMX 2.6 is that it provides pretty much NO password protection. This can be exploited both locally and remotely. Again, I think all of us have seen the bad habit that most people have of using the same password for multiple accounts etc etc.
Read This Article	Article Read 593 Times

Vulnerabilities In P-Synch Password Management	May 30, 2022
P-Synch is a total password management solution. It is intended to reduce the cost of ownership of password systems, and simultaneously improve the security of password protected systems. This is done through: Password Synchronization. Enforcing an enterprise wide password strength policy. Allowing authenticated users to reset their own forgotten passwords and enable their locked out accounts. Streamlining help desk call resolution for password resets. P-Synch is available for both internal use, on the corporate Intranet, as well as for the Internet deployment in B2B and B2C applications. There are a few vulnerabilities in P-Synch such as path disclosure, cross site scripting, and arbitrary file inclusion. Users should upgrade immediately.
Read This Article	Article Read 261 Times

SubScan 1.2 DNS Discovery Utility Released	May 25, 2022
SubScan is a DNS utility that i built for myself and decided to share it with the public. Any of you who have used the earlier versions should know that this version is COMPLETELY different. It's almost a completely different program, but accomplishes the same thing really. Here are some things that are new and improved in SubScan 1.2 If you have any comments, questions, or need help or anything else feel free to ask on the forums. Be sure to check out the readme file first though, as it might just have the answer you are looking for. Anyone using the contact forms for tech questions will be ignored.
Read This Article	Article Read 84 Times

IISamDiscover And IISamCrack Now Available	May 02, 2022
Recently I noticed that the Microsoft IIS Accounts Manager could be used to verify accounts much like the VRFY and EXPN commands with sendmail. Turns out that David Lichtfield discovered this vuln years earlier, but I don't think it was ever an official BID until I posted the issue to BugTraq. Anyway, below is a link to the example code that I wrote. The versions posted at BugTraq are the same, but the formatting got completely trashed. IISamCrack attempts to enumerate weak passwords using a dictionary style attck on the Microsoft IIS Accounts Manager. IISamDiscover uses the Accounts Manager User Existence Disclosure Vulnerability to confirm or deny the exsistance of a user on the machine using a list of probable usernames.
Read This Article	Article Read 87 Times

Invision Board Plaintext Password Vulnerability	April 25, 2022
Invision Board has been stores restricted forum credentials as plain text embedded in cookie data. These are the forums where you need a password to get access into the forum. If the Invision Board admin 'pass protected' option is activated for a specific forum, on attempted access to the controlled area, the restricted forum password is stored as plaintext in a local cookie. This is dangerous because if an attacker can steal the legit users cookie via cross site scripting or some other method, then they can gain access to the restricted forum(s). This vulnerability affects all versions of Invision Power Board. Users should under no circumstances disclose any sensitive or personal information on these "restricted" forums, as they are not secure and prone to attack.
Read This Article	Article Read 336 Times

JpegX Password Bypass Vulnerability	April 20, 2022
Jpegx is a modern day application of steganography. It will encrypt and hide messages in jpeg files to provide ample medium for sending secure information. The images remain visually unchanged but the code inside is altered to hide your message. Anyone with the Jpegx program could read your message as long as they know the password that you encrypted it with. There lies a vulnerability that allows the password feature to be pretty much useless, as it will accept any password. Users should upgrade immediately.
Read This Article	Article Read 656 Times

Multiple Vulnerabilities In PHP Links	January 17, 2022
phpLinks is an open source free PHP script. phpLinks allows you to run a very powerful link farm or search engine. phpLinks has multilevel site categorization, infinite threaded search capabilities and more. phpLinks is prone to HTML injection due to a vulnerability in the search feature. Search queries are not sufficiently sanitized of HTML and script code. These search queries may potentially be displayed to other users when the most popular searches are viewed. If an attacker includes malicious HTML or script code in these queries, it is possible that the attacker-supplied code may be rendered in the web client software of other users. This is just one of several code injection issues in phpLinks.
Read This Article	Article Read 242 Times

Vulnerabilities In PHP Topsites	January 13, 2022
PHP TopSites is a PHP/MySQL-based customizable TopList script. Main features include: Easy configuration config file; MySQL database backend; unlimited categories, Site rating on incoming votes; Special Rating from Webmaster; anti-cheating gateway; Random link; Lost password function; Webmaster Site-approval; Edit site; ProcessingTime display; Cookies Anti-Cheating; Site Reviews; Linux Cron Free; Frame Protection and much more. We have discovered this application has several vulnerabilities. These vulnerabilities include, but are not limited to: Cross Site Scripting vulnerabilities, SQL Injection, Script Injection, and Plaintext password weakness. Users are advised to upgrade immediately. The most recent version of iTop PHP Topsites can be found at thier official website.
Read This Article	Article Read 326 Times