GulfTech Research And Development

Search | Research | Contact Us

Tuesday October 10, 2021

Languages

Most Viewed Items

1	PHPXMLRPC Library Remote Code Execution
2	XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
3	Multiple Invision Power Board Vulnerabilities
4	Mambo Multiple Vulnerabilities
5	eBay And Amazon Still Vulnerable
6	PEAR XML_RPC Library Remote Code Execution
7	When Small Mistakes Can Cause Big Problems
8	Woltlab Burning Board SQL Injection Vulnerability
9	WordPress 1.5.1.2 And Earlier Multiple Vulnerabilities
10	MySQL Eventum Multiple Vulnerabilities

Need Secure Code?

Developers, are you concerned with the security of your product? We offer a wide range of security assessment programs that are specifically aimed at making the security of your web applications above and beyond that of your competition, as well as most of the web applications available today. Our rates are very affordable, and our programs are among the most flexible. Don't put something as important as the security of your information in the hands of amateurs, you can't afford to. Contact us today for a free service estimate and consultation.

Quick Search

You can use the form below to search our site. Just enter the keywords to search.

Back 1 2 3 4 5 6 7 8 9 10 11 - Next	Results per-page: 5 \| 10 \| 20 \| 50
Results 26 - 35 of 109	Page 3 of 11

Title	SquirrelMail Arbitrary Variable Overwriting
Info	SquirrelMail is a standards-based webmail package written in php. It includes built-in pure PHP support for the IMAP and SMTP protocols. Unfortunately there is a fairly serious variable handling issue in one of the core SquirrelMail scripts that can allow an attacker to take control of variables used within the script, and influence functions and actions within the script. An updated version of SquirrelMail can be downloaded from their official website. Users are advised to update their SquirrelMail installations as soon as possible.
Date	July 14, 2021
BID	Not Available
Credit	James Bercegay

Title	Simple Machines Forum SQL Injection
Info	SMF or Simple Machines Forum as it is probably better known as is a very popular forum system, and developed by members of the YaBB SE development team. Simple Machine Forums versions prior to the recently released 1.0.5 are vulnerable to a very serious SQL Injection hole, as well as a more obscure, harder to exploit SQL Injection hole. Both vulnerabilities have been resolved and users should upgrade to the latest version of SMF immediately.
Date	July 03, 2022
BID	Not Available
Credit	James Bercegay

Title	PHPXMLRPC Library Remote Code Execution
Info	PHPXMLRPC aka XML-RPC For PHP is a PHP implementation of the XML-RPC web RPC protocol, and was originally developed by Edd Dumbill of Useful Information Company. As of the 1.0 stable release, the project has been opened to wider involvement and moved to SourceForge. PHPXMLRPC is used in a large number of popular web applications such as PostNuke, Drupal, b2evolution, and TikiWiki. Unfortunately PHPXMLRPC is vulnerable to a remote php code execution vulnerability that may be exploited by an attacker to compromise a vulnerable system.
Date	July 02, 2022
BID	Not Available
Credit	James Bercegay

Title	PEAR XML_RPC Library Remote Code Execution
Info	PEAR XML_RPC is a PHP implementation of the XML-RPC web RPC protocol, and used by many different developers across the world. PEAR XML_RPC was originally developed by Edd Dumbill of Useful Information Company, but has since been expanded by several individuals. Unfortunately PEAR XML_RPC is vulnerable to a remote php code execution vulnerability that may allow for an attacker to compromise a vulnerable server. Version 1.3.1 has been released to address these issues.
Date	July 01, 2022
BID	Not Available
Credit	James Bercegay

Title	XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
Info	XOOPS is a very popular dynamic web content management system written in Object Oriented PHP. One of the features of XOOPS is it's own XMLRPC server that handles incoming XMLRPC requests. This particular feature is vulnerable to a highly critical SQL Injection issue. Additionally there are several cross site scripting issues in XOOPS as well which could allow for theft of user data or client side code execution in the context of the victim's web browser.
Date	June 29, 2022
BID	Not Available
Credit	James Bercegay

Title	WordPress 1.5.1.2 And Earlier Multiple Vulnerabilities
Info	WordPress is a very popular personal publishing platform aka blog software, and is used by everyone from celebrities, to government officials, to non technical average joe's. There are a number of vulnerabilities in WordPress that may allow an attacker to ultimately run arbitrary code on the vulnerable system. These vulnerabilities include SQL Injection, Cross Site Scripting, and also issues that may aid an attacker in social engineering. An updated version of WordPress is available and users are strongly advised to.
Date	June 28, 2022
BID	Not Available
Credit	James Bercegay

Title	Infopop UBB Threads Multiple Vulnerabilities
Info	UBB Threads is a very popular forum system developed by Infopop. There are a number of vulnerabilities in UBB Threads that may allow an attacker to execute cross site scripting, http response splitting, and cross site request forgery attacks. Also, an attacker may include, execute, or read arbitrary local files. These vulnerabilities may allow for an attacker to completely compromise an installation of UBB Threads and possibly more. Users are encouraged to upgrade as soon as possible to the latest UBB Threads release.
Date	June 23, 2022
BID	Not Available
Credit	James Bercegay

Title	paFaq Multiple Vulnerabilities
Info	paFAQ is a FAQ/Knowledge base system that allows webmasters to keep an organized database of Frequently Asked Questions; a Knowledge Database for problems and solutions. There are a number of vulnerabilities in paFaq. These vulnerabilities include arbitrary unauthorized access to the entire paFaq database, as well as admin authentication bypass, sql injection, arbitrary code execution and cross site scripting. An attacker can gain a remote shell on a vulnerable system using these vulnerabilities.
Date	June 20, 2022
BID	Not Available
Credit	James Bercegay

Title	paFileDB Multiple Vulnerabilities
Info	paFileDB is a popular open source web application offered by php Arena. paFileDB allows webmasters to open up an interactive file repository on their website. There are a number of vulnerabilities in paFileDB that may allow for an attacker to include arbitrary files, retrieve sensitive user and/or database information, and completely bypass admin, and team member authentication. Users should upgrade immediately.
Date	June 14, 2022
BID	Not Available
Credit	James Bercegay

Title	FusionBB Multiple Vulnerabilities
Info	FusionBB is a popular online message board written in php and developed by InteractivePHP, INC. There are several vulnerabilities in FusionBB such as SQL Injection and Arbitrary Local File Inclusion. These issues could allow for an attacker to execute arbitrary scripts residing on the web server, retrieve sensitive data from the underlying database, or bypass the FusionBB authentication mechanisms.
Date	June 13, 2022
BID	Not Available
Credit	James Bercegay

Back 1 2 3 4 5 6 7 8 9 10 11 - Next	Results per-page: 5 \| 10 \| 20 \| 50
Results 26 - 35 of 109	Page 3 of 11

Terms of Use | Disclaimer | About GulfTech
Copyright 2005 GulfTech Research And Development, LLC. All Rights Reserved