|
Search |
Research |
Contact Us
|
Tuesday October 10, 2021
|
|
 |
You can use the form below to search our site. Just enter the
keywords to search.
|
|
|
| Title |
Mambo Authentication Bypass
|
| Info |
Mambo is a popular Open Source Content Management System released under the GNU General Public license (GNU GPL). There
are unfortunately some serious flaws in Mambo's login feature that allow for authentication bypass. This can be used to
access arbitrary accounts, but even worse can be used to eventually install harmful modules and execute arbitrary php code
on the server running Mambo. The Mambo team have committed fixes for these issues to SVN, and patches are available from the
official Mambo website. Users are encouraged to patch the vulnerable functionality or update their Mambo installation as soon
as possible. |
| Date |
October 4, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
HAMweather Remote Code Execution
|
| Info |
HAMWeather is a popular weather forecasting software that allows webmasters to display detailed
weather forecasts and statistics on their websites. Unfortunately some of the features within
HAMweather allow for an attacker to inject arbitrary php into the application and successfully
execute arbitrary code. Also, because magic_quotes_gpc and register_globals settings are irrelevant
when exploiting this issue it makes it that much easier for an attacker to get a remote shell on the
host and possibly mount further attacks on the underlying server. An updated version of HAMweather
has been released and all users are encouraged to upgrade as soon as possible. |
| Date |
September 30, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
CakePHP Framework Arbitrary File Access
|
| Info |
CakePHP is a RAD (Rapid Application Framework) framework for PHP which uses commonly
known design patterns like ActiveRecord, Association Data Mapping, Front Controller
and MVC. Unfortunately CakePHP is vulnerable to an arbitrary file access vulnerability
due to unsafe use of the readfile function that allows for an attacker to read any file
on the system that the webserver has read access to. This could be used to read password
files or sensitive configuration data etc. An updated version of CakePHP has been released
and users encouraged to upgrade their CakePHP installations as soon as possible. |
| Date |
September 21, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
X-Cart Arbitrary Code Execution
|
| Info |
X-Cart is a commercial web based eCommerce solution written in PHP and MySQL that allows for
webmasters to host an online marketplace. Unfortunately an attacker may be able to execute
arbitrary php code on an X-Cart installation by overwriting key configuration variables.
However, because the vulnerability allows for any variables to be overwritten other attacks
such as SQL Injection are probably possible as well. Qualiteam have released an updated
version of their X-Cart software, and users are strongly encouraged to upgrade as soon as
possible or delete the cmpi.php script that resides within the payments directory. |
| Date |
September 18, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Claroline Arbitrary File Inclusion
|
| Info |
Claroline is a popular online Open Source e-Learning application used to allow
teachers or education organizations to create and administrate courses through
the web. Claroline is also used as the framework for other e-Learning applications
such as Dokeos. Unfortunately Claroline is vulnerable to a file inclusion issue
when register globals is on which may allow for an attacker to read or execute
arbitrary files. Some frameworks that use Claroline (such as Dokeos) are also
vulnerable to the issues mentioned here. An updated version of Claroline has been
released and users should upgrade immediately and disable register_globals if possible. |
| Date |
September 14, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
|
|
|
|
|
