Multiple MetaDot Vulnerabilities Found	January 12, 2022
MetaDot is a very popular Open Source portal application written in Perl and powered by MySql. It's users range from home users to the likes of governments, banks, universities and even NASA ;) It has been found to be prone to SQL Injection, and XSS attacks due to not properl validating the user supplied input that it receives. It also divulges a great deal of information about it's host when calling certain invalid arguments. These vulnerabilities are believed to affect all versions including 5.6.5.4b5 and below. The MetaDot Corporation team has addresses the issues in the latest version though, and users are strongly encouraged to upgrade as soon as possible.
Read This Article	Article Read 288 Times

Vulnerabilities In PostNuke 0.726 Phoenix	January 03, 2022
PostNuke is a popular Open Source CMS (Content Management System) used by millions of people all across the world. GulfTech Security Research has recendly found a couple of vulnerabilities in the popular open source CMS (Content Managment System) PostNuke. Versions affected are 0.726 Phoenix and though not confirmed older versions may be affected as well. These vulnerabilities have been resolved by the developers very promptly and a patch is available at the official PostNuke website. The vulnerabilities discovered are SQL Injection and Cross Site Scripting. More details of the vulnerabilities available .
Read This Article	Article Read 323 Times

Multiple osCommerce Vulnerabilities	December 22, 2021
GulfTech Security Research has found yet more vulnerabilities in the popular ecommerce product osCommerce. These vulnerabilities include SQL Injection, Denial Of Service, and Cross Site Scripting. While there has been several vulnerabilities found in this product by us lately, I would like to point out that these finds only make for a more secure product. I do think that the next release of osCommerce (MS3) will be one of the most secure ecommerce products around. The osCommerce development team have been prompt in resolving these issues. Anyway, check out the full detailed report inside and the osCommerce website for a fix :o)
Read This Article	Article Read 835 Times

Multiple vulnerabilities in ASPapp Products	December 18, 2021
ASPapp offers a wide range of web applications written in .asp Amongst them is the fairly popular AspApp Portal. Several of these products have very weak security and can allow an attacker to completely take over an affected portal or site running the vulnerable software. The vulnerabilities include Script Injection, Account Hijacking, Privilege Escalation, Cross Site Scripting, and Plaintext Authentication Credentials.
Read This Article	Article Read 222 Times

Autorank PHP SQL Injection Vulnerability	December 18, 2021
Autorank PHP is a widely used topsite script offered by JMB Software. It is vulnerable to SQL Injection attacks in the "accounts.php" file. These vulnerabilities can be exploited by a malicious user via the lost password form, account edit form, or the registration form. The vulnerabilities leave user accounts open to compromise as well as the entire database that is being used for a particular top site.
Read This Article	Article Read 283 Times

osCommerce Malformed Session ID XSS Vulnerability	December 17, 2021
osCommerce is a very powerful open source e-commerce solution. It has been found however to be vulnerable to an XSS vuln due to the session id parameter not being properly sanitized. This seems to take place only over a secure, SSL connection, however it is believed to affect even regular http connections in the current CVS version. In some cases (namely the CVS version) the full path of the web directory may also be exposed when exploiting this vulnerability.
Read This Article	Article Read 269 Times

Multiple Vulnerabilities In Aardvark Topsites	December 16, 2021
Aardvark Topsites is a very powerful, and popular Topsites Ranking web application. Versions prior to 4.1.1 are vulnerable to a number of issues though. These issues include SQL Injection, Path Disclosure, Plaintext Weaknesses, and information disclosure vulnerabilities. You can update your Aardvark Topsite at the official download site. All users should upgrade as soon as possible.
Read This Article	Article Read 238 Times

Invision Power Board SQL Injection Vulnerability	December 16, 2021
Invision Power Board is one of the most popular and powerful forums available today. It is used by millions of people worldwide and businesses alike. There is however an SQL Injection vulnerability that affects ALL versions (even the non public releases). The people at Invision power were very prompt and professional in addressing the issue and there is now an available fix less than a week after I discovered the vulnerability. Details and a link to the fix are available in the report by GulfTech Security Research.
Read This Article	Article Read 416 Times

Invision Power Top Site List SQL Injection	December 15, 2021
Invision Power Top Site List is a flexible site ranking script written in PHP. Featuring an impressive feature set with a user-friendly interface. However It is vulnerable to SQL injection. This flaw is hard to exploit, thus it will not be addressed until the next release of the Invision Power Top Site List. No patches or immediate upgrade will be released.
Read This Article	Article Read 229 Times

Multiple Vulnerabilities In DU Ware Products	December 15, 2021
DU Ware are a company that offers a very large number of web based applications for both purchase and free download. Their products are vulnerable to a substantial number of attacks, and contain many weaknesses. This includes but is not limited to: Account HiJacking, Code Execution, Arbitrary File Upload, Privilege Escalation and more. There are currently no fixes for these issues, and no patches will be issued. I guess thier customers will have to wait til the new software versions to have thier data and servers be secure.
Read This Article	Article Read 238 Times