Tuesday October 10, 2021
Results 16 - 20 of 109 Page 4 of 22
Title ADOdb Library Cross Site Scripting
Info ADOdb is a database abstraction library for PHP used by many projects to provide support for a number of well-known database APIs. ADOdb also comes with various functions to perform routine database-related tasks. One of the more useful of these functions is ADOdb's ability to paginate the retrieved database records by using the ADODB_Pager class. However, there are several cross site scripting issues within the ADODB_Pager class that may allow an attacker to render malicious client-side code in the victim's browser. An updated version of ADOdb has been released, and users should update their ADOdb library.
Date February 18, 2022
BID Not Available  
Credit James Bercegay
Title XMB Forums Multiple Vulnerabilities
Info XMB Forums is a popular forum software written in PHP and MySQL that allows you to open up your own online community or message board. There are a number of security issues in XMB Forums that may allow an attacker to perform SQL injection attacks or cross site scripting attacks against the vulnerable web application. These types of attacks may allow for disclosure of sensitive data such as cookie information or contents from the underlying database.
Date February 12, 2022
BID Not Available  
Credit James Bercegay
Title DB_eSession deleteSession() SQL injection
Info DB_eSession is a feature-packed PHP class that stores the session data in a MySQL database rather than files. It is powerful, designed with security in mind, and is easy to utilize. The DB_eSession library is used in a number of popular web applications and private projects alike. DB_eSession is vulnerable to SQL injection attacks due to unsafe use of cookie data in an SQL query, which can allow an attacker to craft malicious SQL queries and have them successfully executed.
Date February 11, 2022
BID Not Available  
Credit James Bercegay
Title HiveMail Multiple Vulnerabilities
Info HiveMail is a powerful web-based email program that allows you to offer personal email accounts to your visitors. This makes HiveMail a popular choice for businesses and individuals alike. Unfortunately, there are a number of remote code execution vulnerabilities in HiveMail due to unsafe eval calls that may allow an attacker to compromise the underlying web server. In addition, there are also vulnerabilities that allow an attacker to perform SQL injection and cross site scripting attacks.
Date February 10, 2022
BID Not Available  
Credit James Bercegay
Title CPAINT AJAX Library Cross Site Scripting
Info CPAINT (Cross-Platform Asynchronous INterface Toolkit) is a multi-language toolkit that helps web developers design and implement AJAX web applications with ease and flexibility. CPAINT does not properly sanitize all user-supplied data, which leads to cross site scripting. This makes not only CPAINT vulnerable, but also the applications that use CPAINT as a third-party library.
Date February 9, 2022
BID Not Available  
Credit James Bercegay