You can use the form below to search our site. Just enter the
keywords to search.
|
|
 |
|
1
2
3
4
5
6
- Next
|
Results per-page: 5 | 10 | 20 | 50
|
|
Results 1 - 20 of 109
|
Page 1 of 6
|
| Title |
Mambo Authentication Bypass
|
| Info |
Mambo is a popular Open Source Content Management System released under the GNU General Public license (GNU GPL). There
are unfortunately some serious flaws in Mambo's login feature that allow for authentication bypass. This can be used to
access arbitrary accounts, but even worse can be used to eventually install harmful modules and execute arbitrary php code
on the server running Mambo. The Mambo team have committed fixes for these issues to SVN, and patches are available from the
official Mambo website. Users are encouraged to patch the vulnerable functionality or update their Mambo installation as soon
as possible. |
| Date |
October 4, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
HAMweather Remote Code Execution
|
| Info |
HAMWeather is a popular weather forecasting software that allows webmasters to display detailed
weather forecasts and statistics on their websites. Unfortunately some of the features within
HAMweather allow for an attacker to inject arbitrary php into the application and successfully
execute arbitrary code. Also, because magic_quotes_gpc and register_globals settings are irrelevant
when exploiting this issue it makes it that much easier for an attacker to get a remote shell on the
host and possibly mount further attacks on the underlying server. An updated version of HAMweather
has been released and all users are encouraged to upgrade as soon as possible. |
| Date |
September 30, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
CakePHP Framework Arbitrary File Access
|
| Info |
CakePHP is a RAD (Rapid Application Framework) framework for PHP which uses commonly
known design patterns like ActiveRecord, Association Data Mapping, Front Controller
and MVC. Unfortunately CakePHP is vulnerable to an arbitrary file access vulnerability
due to unsafe use of the readfile function that allows for an attacker to read any file
on the system that the webserver has read access to. This could be used to read password
files or sensitive configuration data etc. An updated version of CakePHP has been released
and users encouraged to upgrade their CakePHP installations as soon as possible. |
| Date |
September 21, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
X-Cart Arbitrary Code Execution
|
| Info |
X-Cart is a commercial web based eCommerce solution written in PHP and MySQL that allows for
webmasters to host an online marketplace. Unfortunately an attacker may be able to execute
arbitrary php code on an X-Cart installation by overwriting key configuration variables.
However, because the vulnerability allows for any variables to be overwritten other attacks
such as SQL Injection are probably possible as well. Qualiteam have released an updated
version of their X-Cart software, and users are strongly encouraged to upgrade as soon as
possible or delete the cmpi.php script that resides within the payments directory. |
| Date |
September 18, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Claroline Arbitrary File Inclusion
|
| Info |
Claroline is a popular online Open Source e-Learning application used to allow
teachers or education organizations to create and administrate courses through
the web. Claroline is also used as the framework for other e-Learning applications
such as Dokeos. Unfortunately Claroline is vulnerable to a file inclusion issue
when register globals is on which may allow for an attacker to read or execute
arbitrary files. Some frameworks that use Claroline (such as Dokeos) are also
vulnerable to the issues mentioned here. An updated version of Claroline has been
released and users should upgrade immediately and disable register_globals if possible. |
| Date |
September 14, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
CubeCart Multiple Vulnerabilities
|
| Info |
CubeCart is a very popular web application written in php that
allows for an individual to open up a fully functioning online
ecommerce service. Unfortunately CubeCart is vulnerable to Cross
Site Scripting attacks, SQL Injection attacks, and possible remote
code execution due to an attacker being able to include arbitrary
php code. An updated version of CubeCart has been released and all
users are encouraged to upgrade as soon as possible. |
| Date |
August 28, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
osCommerce Multiple Vulnerabilities
|
| Info |
osCommerce is one of the most popular open source ecommerce web applications
ever written. osCommerce allows webmasters to open a fully functioning online
marketplace with little effort. Unfortunately there have been several new
vulnerabilities discovered in the latest versions of osCommerce. These issues
may allow for an attacker to gather arbitrary information from the database
such as credit card information, user login information, or personal information.
There are also issues with some of osCommerce's file handling functionality
that may allow an attacker to gain access to sensitive data. The osCommerce
team have released updates to address these vulnerabilities and all users are
encouraged to upgrade their osCommerce installations as soon as possible. |
| Date |
August 17, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Zen Cart Multiple Vulnerabilities
|
| Info |
Zen Cart is a descendant of the popular osCommerce project, and like
osCommerce Zen Cart is one of the most popular open source ecommerce
systems in the world. Unfortunately Zen Cart is vulnerable to quite
a number of different attacks, and in some circumstances may allow an
attacker to execute arbitrary code on the underlying web server with
the rights of the httpd process. In addition to remote code execution
several different SQL Injection attacks may be possible. The Zen Cart
developers have commited fixes for these issues to CVS and an updated
version of Zen Cart will be released soon to address the issues. All
users should upgrade their Zen Cart installation as soon as possible. |
| Date |
August 15, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
SquirrelMail Arbitrary Variable Overwriting
|
| Info |
SquirrelMail is a standards-based webmail package written in php. It includes built-in pure PHP support for the IMAP and SMTP protocols. Unfortunately there is a fairly serious variable handling issue in one of the core SquirrelMail scripts that can allow an attacker to take control of variables used within the script, and influence functions and actions within the script. This is due to the unsafe handling of "expired sessions" when composing a message. An updated version of SquirrelMail can be downloaded from their official website. Users are advised to update their SquirrelMail installations as soon as possible.
|
| Date |
August 11, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
PHPLib Remote Code Execution
|
| Info |
The PHP Base Library aka PHPLib is a toolkit for PHP developers supporting
them in the development of Web applications. The phpLib codebase can be
found in a number of applications available today. Unfortunately some of
the session emulation code is vulnerable to SQL Injection issues that in
a worst case scenario can lead to remote code execution by using UNION and
selecting arbitrary php code into an eval call. A new version og PHPLib has
been released and users should upgrade their PHPLib libraries as soon as
possible.
|
| Date |
March 5, 2022 |
| BID |
16801
|
| Credit |
James Bercegay |
| Title |
Gallery 2 Multiple Vulnerabilities
|
| Info |
Gallery2, the open source web based photo album organizer is
one of the most popular php web applications available today.
Gallery2 suffers from a number of vulnerabilities including
IP Spoofing via X_FORWARDED_FOR that may allow a malicious
user to hide their identity, script injection via the faulty
X_FORWARDED_FOR implementation, and also arbitrary file access
which could ultimately lead to the deletion of arbitrary files
on the webserver. A new version of Gallery 2 has been released
and users should upgrade their Gallery 2 installations. |
| Date |
March 2, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
phpRPC Library Remote Code Execution
|
| Info |
phpRPC is meant to be an easy to use xmlrpc library. phpRPC
is greatly simplified with the use of database/rpc-protocol
abstraction. It should run on any php server with most data
bases. Unfortunately, there is a easily exploitable remote php
code execution vulnerability in the phpRPC library that allows
an attacker to execute arbitrary code on the affected webserver.
This vulnerability, like previously discovered vulnerabilities
in various implementations of the XMLRPC protocol is possible
because of unsanitized data being passed to an eval call. This
of course could ultimately lead to a compromise of the under
lying web server, and disclosure of sensitive data. |
| Date |
February 26, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Mambo Multiple Vulnerabilities
|
| Info |
Mambo is a popular Open Source Content Management System
released under the GNU General Public license (GNU GPL).
There are a number of security issues in Mambo which allows
for SQL Injection, Authentication Bypass, and possible remote
code execution via local file inclusion. There has been an
updated version of Mambo released and all users are advised
to upgrade as soon as possible. Also, please note that these
vulnerabilities are NOT related to any worms currently taking
advantage of vulnerable Mambo installations. |
| Date |
February 24, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
PEAR LiveUser File Access Vulnerabilities
|
| Info |
LiveUser is a user authentication and permission management
framework that is part of php's PEAR Library. LiveUser has
many different features, including the ability to remember
a user via cookies. Unfortunately there is an issue with
how extracted cookie data is handled by the LiveUser library
within the remember feature which makes it possible for an
attacker to gain access to, and even delete potentially
sensitive files on the webserver. An updated version of the
LiveUser framework has been released, and users are advised
to upgrade to LiveUser 0.16.9
|
| Date |
February 21, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Geeklog Remote Code Execution
|
| Info |
Geeklog is one of the most popular content management systems
available today. Geeklog unfortunately is vulnerable to a
number of different attacks such as SQL Injection, and
arbitrary file inclusion. These attacks can be combined to
ultimately execute code on the vulnerable web server in a very
reliable manner. According to the developers these issues
affect pretty much every version of Geeklog ever released, so
users are strongly encouraged to upgrade to the latest version
of Geeklog which is Geeklog 1.4.0sr1 and 1.3.11sr4 |
| Date |
February 19, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
ADOdb Library Cross Site Scripting
|
| Info |
ADOdb is a database abstraction library for php used by a
great deal of projects to provide support for a number of
well known database api's. ADOdb also comes with various
functions to perform routine database related tasks. One
of the more useful of these functions is ADOdb's ability
to paginate the retrieved database records by using the
ADODB_Pager class. However, there are several cross site
scripting issues within the ADODB_Pager class that may
allow for an attacker to render malicious client side code
in the victims browser. An updated version of ADOdb has been
released, and users should update their ADOdb library. |
| Date |
February 18, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
XMB Forums Multiple Vulnerabilities
|
| Info |
XMB Forums is a popular forum software written in php and mysql
that allows you to open up your own online community or
messageboard. There are a number of security issues in XMB Forums
that may allow for an attacker to perform SQL injection attacks
or cross site scripting attacks against the vulnerable web
application. These types of attacks may allow for disclosure of
sensitive data such as cookie information or contents from the
underlying database. |
| Date |
February 12, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
DB_eSession deleteSession() SQL injection
|
| Info |
DB_eSession is a feature-packed PHP class that stores the
session data in a MySQL database rather than files. It is
powerful, designed with security in mind, and is easy to
utilize. The DB_eSession library is used in a number of
popular web applications, and private projects alike.
DB_eSession is vulnerable to SQL Injection attacks due to
unsafe use of cookie data in an SQL query, and can allow an
attacker to craft malicious SQL Queries and have them then
successfully executed. |
| Date |
February 11, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
HiveMail Multiple Vulnerabilities
|
| Info |
HiveMail is a powerful web-based email program that allows
you to offer personal email accounts to your visitors. This
makes HiveMail a popular choice for business and individuals
alike. Unfortunately there are a number of remote code
execution vulnerabilities in HiveMail due to unsafe eval
calls that may allow an attacker to compromise the underlying
web server. In addition there are also vulnerabilities that
allow an attacker to perform SQL Injection and Cross Site
Scripting attacks. |
| Date |
February 10, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
CPAINT AJAX Library Cross Site Scripting
|
| Info |
CPAINT (Cross-Platform Asynchronous INterface Toolkit) is a
multi-language toolkit that helps web developers design and
implement AJAX web applications with ease and flexibility.
CPAINT does not sanitize all user supplied data properly
which leads to cross site scripting. This makes not only
CPAINT vulnerable, but the applications that use CPAINT as
a third party library are vulnerable as well. |
| Date |
February 9, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
|
1
2
3
4
5
6
- Next
|
Results per-page: 5 | 10 | 20 | 50
|
|
Results 1 - 20 of 109
|
Page 1 of 6
|
|
|
