Search | Research | Contact Us Tuesday September 6, 2021
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 Multiple Invision Power Board Vulnerabilities
  3 eBay And Amazon Still Vulnerable
  4 When Small Mistakes Can Cause Big Problems
  5 Woltlab Burning Board SQL Injection Vulnerability
  6 Multiple Vulnerabilities In phpWebsite
  7 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  8 Critical Vulnerability In Help Center Live
  9 dbPowerAmp Buffer Overflow And DoS Vulnerabilities
10 Document Object Model Hijacking Explained
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Invision Board Plaintext Password Vulnerability April 25, 2022
Invision Board has been stores restricted forum credentials as plain text embedded in cookie data. These are the forums where you need a password to get access into the forum. If the Invision Board admin 'pass protected' option is activated for a specific forum, on attempted access to the controlled area, the restricted forum password is stored as plaintext in a local cookie. This is dangerous because if an attacker can steal the legit users cookie via cross site scripting or some other method, then they can gain access to the restricted forum(s). This vulnerability affects all versions of Invision Power Board. Users should under no circumstances disclose any sensitive or personal information on these "restricted" forums, as they are not secure and prone to attack.
Read This Article Article Read 330 Times
JpegX Password Bypass Vulnerability April 20, 2022
Jpegx is a modern day application of steganography. It will encrypt and hide messages in jpeg files to provide ample medium for sending secure information. The images remain visually unchanged but the code inside is altered to hide your message. Anyone with the Jpegx program could read your message as long as they know the password that you encrypted it with. There lies a vulnerability that allows the password feature to be pretty much useless, as it will accept any password. Users should upgrade immediately.
Read This Article Article Read 650 Times
Multiple Vulnerabilities In PHP Links January 17, 2022
phpLinks is an open source free PHP script. phpLinks allows you to run a very powerful link farm or search engine. phpLinks has multilevel site categorization, infinite threaded search capabilities and more. phpLinks is prone to HTML injection due to a vulnerability in the search feature. Search queries are not sufficiently sanitized of HTML and script code. These search queries may potentially be displayed to other users when the most popular searches are viewed. If an attacker includes malicious HTML or script code in these queries, it is possible that the attacker-supplied code may be rendered in the web client software of other users. This is just one of several code injection issues in phpLinks.
Read This Article Article Read 239 Times
Vulnerabilities In PHP Topsites January 13, 2022
PHP TopSites is a PHP/MySQL-based customizable TopList script. Main features include: Easy configuration config file; MySQL database backend; unlimited categories, Site rating on incoming votes; Special Rating from Webmaster; anti-cheating gateway; Random link; Lost password function; Webmaster Site-approval; Edit site; ProcessingTime display; Cookies Anti-Cheating; Site Reviews; Linux Cron Free; Frame Protection and much more. We have discovered this application has several vulnerabilities. These vulnerabilities include, but are not limited to: Cross Site Scripting vulnerabilities, SQL Injection, Script Injection, and Plaintext password weakness. Users are advised to upgrade immediately. The most recent version of iTop PHP Topsites can be found at thier official website.
Read This Article Article Read 323 Times
Results 91 - 4 of 4 Results per-page: 5 | 10 | 20 | 50