Search | Research | Contact Us Tuesday January 10, 2022
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 Multiple Invision Power Board Vulnerabilities
  3 eBay And Amazon Still Vulnerable
  4 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  5 Woltlab Burning Board SQL Injection Vulnerability
  6 When Small Mistakes Can Cause Big Problems
  7 Multiple Vulnerabilities In phpWebsite
  8 Critical Vulnerability In Help Center Live
  9 dbPowerAmp Buffer Overflow And DoS Vulnerabilities
10 Document Object Model Hijacking Explained
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Hurricane Katrina Devestation September 14, 2021
As you may or may not know the main offices of GulfTech Research And Development were located off of highway 90 in Gulfport, south of the CSX railroad. Needless to say the area was completely devestated, and my home; which was the central location for most of our business was very heavily damaged. My family and I were in the house when the tidal surge hit us, but everyone is alive and no serious injuries were sustained. According to the Gulfport police officer I talked to yesterday the surge in Gulfport where I lived was close to 37ft high. Everything belonging to the business (as well as almost all of my personal belongings) were destroyed with the exception of a majority of our records etc which were stored in a secure location. Due to the circumstances we will ONLY be offering security services for an undetermined length of time, and any new programming projects will be put on hold until further notice. I am sorry for having to limit our services, but getting my family and my life back to normal is my main concern right now. Thank you for understanding.
Read This Article Article Read 414 Times
RunCMS Multiple Vulnerabilities August 19, 2021
RunCMS is a very popular, full featured content management system based on the XOOPS content management system. There are a number of fairly serious vulnerabilities in RunCMS that may allow an attacker to overwrite very important variables used by RunCMS and conduct SQL Injection attacks. A new version of RunCMS has been released some time ago, and all users are advised to upgrade immediately.
Read This Article Article Read 1103 Times
MySQL Eventum Multiple Vulnerabilities July 31, 2021
Eventum is a user-friendly and flexible issue tracking system that can be used by a support department to track incoming technical support requests, or by a software development team to quickly organize tasks and bugs. Eventum is used by the MySQL AB Technical Support team. Unfortunately Eventum is vulnerable to some highly exploitable SQL Injection issues as well as cross site scripting issues. A new version of Eventum has been released and users are strongly advised to upgrade their Eventum installations.
Read This Article Article Read 1555 Times
Kayako LiveResponse Multiple Vulnerabilities July 30, 2021
Kayako liveResponse is a web based application aimed at providing live support for websites and businesses. There are a number of vulnerabilities in Kayako liveResponse that range from Cross Site Request Forgeries, Cross Site Scripting, Information Disclosure, Script Injection, and SQL Injection vulnerabilities which can lead to disclosure of sensitive data. Users are suggested to update as soon as a secured version becomes available.
Read This Article Article Read 770 Times
Mozilla XPCOM Library Race Condition July 21, 2021
xpcom, or cross platform component object model is a framework for writing cross-platform, modular software. The xpcom library is used in many applications including a majority of the popular browsers such as FireFox, NetScape, Mozilla, Galeon, etc. It seems that there is a race condition of sorts in xpcom that makes it possible for an attacker to crash a victims browser by having them view a malformed html document. This issue is not believed to be exploitable by the Mozilla dev team, and will likely be addressed in full at a later date by the development team.
Read This Article Article Read 1301 Times
SquirrelMail Arbitrary Variable Overwriting July 14, 2021
SquirrelMail is a standards-based webmail package written in php. It includes built-in pure PHP support for the IMAP and SMTP protocols. Unfortunately there is a fairly serious variable handling issue in one of the core SquirrelMail scripts that can allow an attacker to take control of variables used within the script, and influence functions and actions within the script. An updated version of SquirrelMail can be downloaded from their official website. Users are advised to update their SquirrelMail installations as soon as possible.
Read This Article Article Read 1123 Times
Simple Machines Forum SQL Injection July 03, 2022
SMF or Simple Machines Forum as it is probably better known as is a very popular forum system, and developed by members of the YaBB SE development team. Simple Machine Forums versions prior to the recently released 1.0.5 are vulnerable to a very serious SQL Injection hole, as well as a more obscure, harder to exploit SQL Injection hole. Both vulnerabilities have been resolved and users should upgrade to the latest version of SMF immediately.
Read This Article Article Read 1603 Times
PHPXMLRPC Library Remote Code Execution July 02, 2022
PHPXMLRPC aka XML-RPC For PHP is a PHP implementation of the XML-RPC web RPC protocol, and was originally developed by Edd Dumbill of Useful Information Company. As of the 1.0 stable release, the project has been opened to wider involvement and moved to SourceForge. PHPXMLRPC is used in a large number of popular web applications such as PostNuke, Drupal, b2evolution, and TikiWiki. Unfortunately PHPXMLRPC is vulnerable to a remote php code execution vulnerability that may be exploited by an attacker to compromise a vulnerable system.
Read This Article Article Read 14321 Times
PEAR XML_RPC Library Remote Code Execution July 01, 2022
PEAR XML_RPC is a PHP implementation of the XML-RPC web RPC protocol, and used by many different developers across the world. PEAR XML_RPC was originally developed by Edd Dumbill of Useful Information Company, but has since been expanded by several individuals. Unfortunately PEAR XML_RPC is vulnerable to a remote php code execution vulnerability that may allow for an attacker to compromise a vulnerable server. Version 1.3.1 has been released to address these issues.
Read This Article Article Read 2171 Times
XOOPS 2.0.11 && Earlier Multiple Vulnerabilities June 29, 2022
XOOPS is a very popular dynamic web content management system written in Object Oriented PHP. One of the features of XOOPS is it's own XMLRPC server that handles incoming XMLRPC requests. This particular feature is vulnerable to a highly critical SQL Injection issue. Additionally there are several cross site scripting issues in XOOPS as well which could allow for theft of user data or client side code execution in the context of the victim's web browser.
Read This Article Article Read 3340 Times
Results 1 - 10 of 10 Results per-page: 5 | 10 | 20 | 50