Title |
SquirrelMail Arbitrary Variable Overwriting
|
Info |
SquirrelMail is a standards-based webmail package written in PHP. It
includes built-in pure PHP support for the IMAP and SMTP protocols.
Unfortunately, there is a fairly serious variable-handling issue in one
of the core SquirrelMail scripts that can allow an attacker to take
control of variables used within the script and influence its functions
and actions. An updated version of SquirrelMail can be downloaded from
the official website. Users are advised to update their SquirrelMail
installations as soon as possible. |
Date |
July 14, 2021 |
BID |
Not Available
|
Credit |
James Bercegay |

Title |
Simple Machines Forum SQL Injection
|
Info |
SMF, or Simple Machines Forum as it is probably better known,
is a very popular forum system developed by members of the
YaBB SE development team. Simple Machines Forum versions prior
to the recently released 1.0.5 are vulnerable to a very serious
SQL injection hole, as well as a more obscure, harder-to-exploit
SQL injection hole. Both vulnerabilities have been resolved, and
users should upgrade to the latest version of SMF immediately. |
Date |
July 03, 2022 |
BID |
Not Available
|
Credit |
James Bercegay |

Title |
PHPXMLRPC Library Remote Code Execution
|
Info |
PHPXMLRPC, aka XML-RPC for PHP, is a PHP implementation of the XML-RPC
web RPC protocol, and was originally developed by Edd Dumbill of Useful
Information Company. As of the 1.0 stable release, the project has been
opened to wider involvement and moved to SourceForge. PHPXMLRPC is used
in a large number of popular web applications such as PostNuke, Drupal,
b2evolution, and TikiWiki. Unfortunately, PHPXMLRPC is vulnerable to a
remote PHP code execution vulnerability that may be exploited by an
attacker to compromise a vulnerable system. |
Date |
July 02, 2022 |
BID |
Not Available
|
Credit |
James Bercegay |

Title |
PEAR XML_RPC Library Remote Code Execution
|
Info |
PEAR XML_RPC is a PHP implementation of the XML-RPC web RPC protocol
and is used by many different developers across the world. PEAR XML_RPC
was originally developed by Edd Dumbill of Useful Information Company,
but has since been expanded by several individuals. Unfortunately, PEAR
XML_RPC is vulnerable to a remote PHP code execution vulnerability that
may allow an attacker to compromise a vulnerable server. Version
1.3.1 has been released to address these issues. |
Date |
July 01, 2022 |
BID |
Not Available
|
Credit |
James Bercegay |

Title |
XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
|
Info |
XOOPS is a very popular dynamic web content management system written
in object-oriented PHP. One of the features of XOOPS is its own XMLRPC
server that handles incoming XMLRPC requests. This particular feature
is vulnerable to a highly critical SQL injection issue. Additionally,
there are several cross-site scripting issues in XOOPS that could
allow theft of user data or client-side code execution in the
context of the victim's web browser. |
Date |
June 29, 2022 |
BID |
Not Available
|
Credit |
James Bercegay |
|