Search | Research | Contact Us Tuesday October 10, 2021
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  3 Multiple Invision Power Board Vulnerabilities
  4 Mambo Multiple Vulnerabilities
  5 eBay And Amazon Still Vulnerable
  6 PEAR XML_RPC Library Remote Code Execution
  7 When Small Mistakes Can Cause Big Problems
  8 Woltlab Burning Board SQL Injection Vulnerability
  9 WordPress 1.5.1.2 And Earlier Multiple Vulnerabilities
10 MySQL Eventum Multiple Vulnerabilities
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Back 1 2 3 4 5 6 - Next Results per-page: 5 | 10 | 20 | 50
Results 16 - 35 of 109 Page 1 of 6
Title ADOdb Library Cross Site Scripting
Info ADOdb is a database abstraction library for php used by a great deal of projects to provide support for a number of well known database api's. ADOdb also comes with various functions to perform routine database related tasks. One of the more useful of these functions is ADOdb's ability to paginate the retrieved database records by using the ADODB_Pager class. However, there are several cross site scripting issues within the ADODB_Pager class that may allow for an attacker to render malicious client side code in the victims browser. An updated version of ADOdb has been released, and users should update their ADOdb library.
Date February 18, 2022
BID Not Available  
Credit James Bercegay
Title XMB Forums Multiple Vulnerabilities
Info XMB Forums is a popular forum software written in php and mysql that allows you to open up your own online community or messageboard. There are a number of security issues in XMB Forums that may allow for an attacker to perform SQL injection attacks or cross site scripting attacks against the vulnerable web application. These types of attacks may allow for disclosure of sensitive data such as cookie information or contents from the underlying database.
Date February 12, 2022
BID Not Available  
Credit James Bercegay
Title DB_eSession deleteSession() SQL injection
Info DB_eSession is a feature-packed PHP class that stores the session data in a MySQL database rather than files. It is powerful, designed with security in mind, and is easy to utilize. The DB_eSession library is used in a number of popular web applications, and private projects alike. DB_eSession is vulnerable to SQL Injection attacks due to unsafe use of cookie data in an SQL query, and can allow an attacker to craft malicious SQL Queries and have them then successfully executed.
Date February 11, 2022
BID Not Available  
Credit James Bercegay
Title HiveMail Multiple Vulnerabilities
Info HiveMail is a powerful web-based email program that allows you to offer personal email accounts to your visitors. This makes HiveMail a popular choice for business and individuals alike. Unfortunately there are a number of remote code execution vulnerabilities in HiveMail due to unsafe eval calls that may allow an attacker to compromise the underlying web server. In addition there are also vulnerabilities that allow an attacker to perform SQL Injection and Cross Site Scripting attacks.
Date February 10, 2022
BID Not Available  
Credit James Bercegay
Title CPAINT AJAX Library Cross Site Scripting
Info CPAINT (Cross-Platform Asynchronous INterface Toolkit) is a multi-language toolkit that helps web developers design and implement AJAX web applications with ease and flexibility. CPAINT does not sanitize all user supplied data properly which leads to cross site scripting. This makes not only CPAINT vulnerable, but the applications that use CPAINT as a third party library are vulnerable as well.
Date February 9, 2022
BID Not Available  
Credit James Bercegay
Title eyeOS Remote Code Execution
Info eyeOS is a "web based operating system" written in php, that lets you access your data and your applications from anywhere with an internet connection. There is a very easy to exploit Remote Code Execution issue in one of the core eyeOS files that affects eyeOS 0.8.9 and earlier. A new version of eyeOS has been released and all users are encouraged to upgrade immediately to eyeOS 0.8.10
Date February 7, 2022
BID Not Available  
Credit James Bercegay
Title RunCMS Multiple Vulnerabilities
Info RunCMS is a very popular, full featured content management system based on the XOOPS content management system. There are a number of fairly serious vulnerabilities in RunCMS that may allow an attacker to overwrite very important variables used by RunCMS and conduct SQL Injection attacks. A new version of RunCMS has been released some time ago, and all users are advised to upgrade immediately.
Date August 19, 2021
BID Not Available  
Credit James Bercegay
Title MySQL Eventum Multiple Vulnerabilities
Info Eventum is a user-friendly and flexible issue tracking system that can be used by a support department to track incoming technical support requests, or by a software development team to quickly organize tasks and bugs. Eventum is used by the MySQL AB Technical Support team. Unfortunately Eventum is vulnerable to some highly exploitable SQL Injection issues as well as cross site scripting issues. A new version of Eventum has been released and users are strongly advised to upgrade their Eventum installations.
Date July 31, 2021
BID Not Available  
Credit James Bercegay
Title Kayako LiveResponse Multiple Vulnerabilities
Info Kayako liveResponse is a web based application aimed at providing live support for websites and businesses. There are a number of vulnerabilities in Kayako liveResponse that range from Cross Site Request Forgeries, Cross Site Scripting, Information Disclosure, Script Injection, and SQL Injection vulnerabilities which can lead to disclosure of sensitive data. Users are suggested to update as soon as a secured version becomes available.
Date July 30, 2021
BID Not Available  
Credit James Bercegay
Title Mozilla XPCOM Library Race Condition
Info xpcom, or cross platform component object model is a framework for writing cross-platform, modular software. The xpcom library is used in many applications including a majority of the popular browsers such as FireFox, NetScape, Mozilla, Galeon, etc. It seems that there is a race condition of sorts in xpcom that makes it possible for an attacker to crash a victims browser by having them view a malformed html document. This issue is not believed to be exploitable by the Mozilla dev team, and will likely be addressed in full at a later date by the development team.
Date July 21, 2021
BID Not Available  
Credit James Bercegay
Title SquirrelMail Arbitrary Variable Overwriting
Info SquirrelMail is a standards-based webmail package written in php. It includes built-in pure PHP support for the IMAP and SMTP protocols. Unfortunately there is a fairly serious variable handling issue in one of the core SquirrelMail scripts that can allow an attacker to take control of variables used within the script, and influence functions and actions within the script. An updated version of SquirrelMail can be downloaded from their official website. Users are advised to update their SquirrelMail installations as soon as possible.
Date July 14, 2021
BID Not Available  
Credit James Bercegay
Title Simple Machines Forum SQL Injection
Info SMF or Simple Machines Forum as it is probably better known as is a very popular forum system, and developed by members of the YaBB SE development team. Simple Machine Forums versions prior to the recently released 1.0.5 are vulnerable to a very serious SQL Injection hole, as well as a more obscure, harder to exploit SQL Injection hole. Both vulnerabilities have been resolved and users should upgrade to the latest version of SMF immediately.
Date July 03, 2022
BID Not Available  
Credit James Bercegay
Title PHPXMLRPC Library Remote Code Execution
Info PHPXMLRPC aka XML-RPC For PHP is a PHP implementation of the XML-RPC web RPC protocol, and was originally developed by Edd Dumbill of Useful Information Company. As of the 1.0 stable release, the project has been opened to wider involvement and moved to SourceForge. PHPXMLRPC is used in a large number of popular web applications such as PostNuke, Drupal, b2evolution, and TikiWiki. Unfortunately PHPXMLRPC is vulnerable to a remote php code execution vulnerability that may be exploited by an attacker to compromise a vulnerable system.
Date July 02, 2022
BID Not Available  
Credit James Bercegay
Title PEAR XML_RPC Library Remote Code Execution
Info PEAR XML_RPC is a PHP implementation of the XML-RPC web RPC protocol, and used by many different developers across the world. PEAR XML_RPC was originally developed by Edd Dumbill of Useful Information Company, but has since been expanded by several individuals. Unfortunately PEAR XML_RPC is vulnerable to a remote php code execution vulnerability that may allow for an attacker to compromise a vulnerable server. Version 1.3.1 has been released to address these issues.
Date July 01, 2022
BID Not Available  
Credit James Bercegay
Title XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
Info XOOPS is a very popular dynamic web content management system written in Object Oriented PHP. One of the features of XOOPS is it's own XMLRPC server that handles incoming XMLRPC requests. This particular feature is vulnerable to a highly critical SQL Injection issue. Additionally there are several cross site scripting issues in XOOPS as well which could allow for theft of user data or client side code execution in the context of the victim's web browser.
Date June 29, 2022
BID Not Available  
Credit James Bercegay
Title WordPress 1.5.1.2 And Earlier Multiple Vulnerabilities
Info WordPress is a very popular personal publishing platform aka blog software, and is used by everyone from celebrities, to government officials, to non technical average joe's. There are a number of vulnerabilities in WordPress that may allow an attacker to ultimately run arbitrary code on the vulnerable system. These vulnerabilities include SQL Injection, Cross Site Scripting, and also issues that may aid an attacker in social engineering. An updated version of WordPress is available and users are strongly advised to.
Date June 28, 2022
BID Not Available  
Credit James Bercegay
Title Infopop UBB Threads Multiple Vulnerabilities
Info UBB Threads is a very popular forum system developed by Infopop. There are a number of vulnerabilities in UBB Threads that may allow an attacker to execute cross site scripting, http response splitting, and cross site request forgery attacks. Also, an attacker may include, execute, or read arbitrary local files. These vulnerabilities may allow for an attacker to completely compromise an installation of UBB Threads and possibly more. Users are encouraged to upgrade as soon as possible to the latest UBB Threads release.
Date June 23, 2022
BID Not Available  
Credit James Bercegay
Title paFaq Multiple Vulnerabilities
Info paFAQ is a FAQ/Knowledge base system that allows webmasters to keep an organized database of Frequently Asked Questions; a Knowledge Database for problems and solutions. There are a number of vulnerabilities in paFaq. These vulnerabilities include arbitrary unauthorized access to the entire paFaq database, as well as admin authentication bypass, sql injection, arbitrary code execution and cross site scripting. An attacker can gain a remote shell on a vulnerable system using these vulnerabilities.
Date June 20, 2022
BID Not Available  
Credit James Bercegay
Title paFileDB Multiple Vulnerabilities
Info paFileDB is a popular open source web application offered by php Arena. paFileDB allows webmasters to open up an interactive file repository on their website. There are a number of vulnerabilities in paFileDB that may allow for an attacker to include arbitrary files, retrieve sensitive user and/or database information, and completely bypass admin, and team member authentication. Users should upgrade immediately.
Date June 14, 2022
BID Not Available  
Credit James Bercegay
Title FusionBB Multiple Vulnerabilities
Info FusionBB is a popular online message board written in php and developed by InteractivePHP, INC. There are several vulnerabilities in FusionBB such as SQL Injection and Arbitrary Local File Inclusion. These issues could allow for an attacker to execute arbitrary scripts residing on the web server, retrieve sensitive data from the underlying database, or bypass the FusionBB authentication mechanisms.
Date June 13, 2022
BID Not Available  
Credit James Bercegay
Back 1 2 3 4 5 6 - Next Results per-page: 5 | 10 | 20 | 50
Results 16 - 35 of 109 Page 1 of 6