Title |
ADOdb Library Cross Site Scripting
|
Info |
ADOdb is a database abstraction library for PHP used by a
great many projects to provide support for a number of
well-known database APIs. ADOdb also comes with various
functions to perform routine database-related tasks. One
of the more useful of these functions is ADOdb's ability
to paginate the retrieved database records by using the
ADODB_Pager class. However, there are several cross site
scripting issues within the ADODB_Pager class that may
allow an attacker to render malicious client-side code
in the victim's browser. An updated version of ADOdb has been
released, and users should update their ADOdb library. |
Date |
February 18, 2022 |
BID |
Not Available
|
Credit |
James Bercegay |

Title |
XMB Forums Multiple Vulnerabilities
|
Info |
XMB Forums is a popular forum software written in PHP and MySQL
that allows you to open up your own online community or
message board. There are a number of security issues in XMB Forums
that may allow an attacker to perform SQL injection attacks
or cross site scripting attacks against the vulnerable web
application. These types of attacks may allow for disclosure of
sensitive data such as cookie information or contents from the
underlying database. |
Date |
February 12, 2022 |
BID |
Not Available
|
Credit |
James Bercegay |

Title |
DB_eSession deleteSession() SQL injection
|
Info |
DB_eSession is a feature-packed PHP class that stores the
session data in a MySQL database rather than files. It is
powerful, designed with security in mind, and is easy to
utilize. The DB_eSession library is used in a number of
popular web applications and private projects alike.
DB_eSession is vulnerable to SQL injection attacks due to
unsafe use of cookie data in an SQL query, and can allow an
attacker to craft malicious SQL queries and have them
executed successfully. |
Date |
February 11, 2022 |
BID |
Not Available
|
Credit |
James Bercegay |

Title |
HiveMail Multiple Vulnerabilities
|
Info |
HiveMail is a powerful web-based email program that allows
you to offer personal email accounts to your visitors. This
makes HiveMail a popular choice for businesses and individuals
alike. Unfortunately, there are a number of remote code
execution vulnerabilities in HiveMail due to unsafe eval
calls that may allow an attacker to compromise the underlying
web server. In addition, there are also vulnerabilities that
allow an attacker to perform SQL injection and cross site
scripting attacks. |
Date |
February 10, 2022 |
BID |
Not Available
|
Credit |
James Bercegay |

Title |
CPAINT AJAX Library Cross Site Scripting
|
Info |
CPAINT (Cross-Platform Asynchronous INterface Toolkit) is a
multi-language toolkit that helps web developers design and
implement AJAX web applications with ease and flexibility.
CPAINT does not sanitize all user-supplied data properly,
which leads to cross site scripting. This makes not only
CPAINT vulnerable, but also the applications that use CPAINT as
a third-party library. |
Date |
February 9, 2022 |
BID |
Not Available
|
Credit |
James Bercegay |