Security Issues In CGINews And CGIForum	December 14, 2021
CGINews and CGIForum are two fairly popular scripts by Markus Triska. CGINews is a multi-user Web site news posting system written in Perl. And CGIForum is A template based discussion board also written in Perl. However they both rely on a very weak encryption algorithm that can be decrypted easily. The author has no plans on switching to a more secure one way encryption, so if security is a concern try another forum system.
Read This Article	Article Read 225 Times

osCommerce 2.2-MS1 SQL Injection Vulnerability	December 12, 2021
osCommerce is one of the most popular Open Source e-commerce solutions in the world today. It comes with many out of the box features and is constantly being developed by the Open Source Community. Recently GulfTech Security Research has discovered an SQL Injection vuln in the create_account_process.php and the account_edit_process.php files. This vulnerability is present in osCommerce 2.2-MS1 but does not appear to be an issue in osCommerce 2.2-MS2. Advice to all osCommerce shop owners is to upgrade to the latest version of osCommerce by clicking here.
Read This Article	Article Read 397 Times

Multiple Vulnerabilities In Snitz Forums 2000	June 16, 2022
Snitz forums is a full-featured UBB-style ASP discussion board application used by thousands of people across the web. Recently I found many serious vulnerabilities in this application that may allow an attacker to take over an entire Snitz forum. The vulnerabilities include cross site scripting issues, cookie authentication bypass vulnerability, and a password reset vulnerability. Users are encouraged to upgrade as soon as possible.
Read This Article	Article Read 564 Times

Multiple Vulnerabilities In Max Web Portal	June 06, 2022
MaxWebPortal is a web portal and online community system which includes advanced features such as web-based administration, poll, private/public events calendar, user customizable color themes, classifieds, user control panel, online pager, link, file, article, picture managers and much more. Easy-to-use and powerful user interface allows members to add news, content, write reviews and share information among other registered users. MaxWebPortal has multiple vulnerabilities which include cross site scripting, hidden form weaknesses, Database exposure, and a password reset vulnerability.
Read This Article	Article Read 360 Times

QPC MegaBrowser Multiple Vulnerabilities	June 04, 2022
QPC MegaBrowser is a webserver / FTP server in one. Aimed at home users and small business who would like to run their own FTP and HTTP servers. However it is vulnerable to a directory traversal vulnerability which allows access to any file on the system as well as directory viewing of the root web directory. There is also a user enumeration vulnerability in the FTP server that allows an attacker to enumerate valid usernames.
Read This Article	Article Read 212 Times