Search | Research | Contact Us Tuesday October 10, 2021
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  3 Multiple Invision Power Board Vulnerabilities
  4 Mambo Multiple Vulnerabilities
  5 eBay And Amazon Still Vulnerable
  6 PEAR XML_RPC Library Remote Code Execution
  7 When Small Mistakes Can Cause Big Problems
  8 Woltlab Burning Board SQL Injection Vulnerability
  9 WordPress 1.5.1.2 And Earlier Multiple Vulnerabilities
10 MySQL Eventum Multiple Vulnerabilities
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Back 1 2 3 4 5 6 - Next Results per-page: 5 | 10 | 20 | 50
Results 31 - 50 of 109 Page 2 of 6
Title WordPress 1.5.1.2 And Earlier Multiple Vulnerabilities
Info WordPress is a very popular personal publishing platform aka blog software, and is used by everyone from celebrities, to government officials, to non technical average joe's. There are a number of vulnerabilities in WordPress that may allow an attacker to ultimately run arbitrary code on the vulnerable system. These vulnerabilities include SQL Injection, Cross Site Scripting, and also issues that may aid an attacker in social engineering. An updated version of WordPress is available and users are strongly advised to.
Date June 28, 2022
BID Not Available  
Credit James Bercegay
Title Infopop UBB Threads Multiple Vulnerabilities
Info UBB Threads is a very popular forum system developed by Infopop. There are a number of vulnerabilities in UBB Threads that may allow an attacker to execute cross site scripting, http response splitting, and cross site request forgery attacks. Also, an attacker may include, execute, or read arbitrary local files. These vulnerabilities may allow for an attacker to completely compromise an installation of UBB Threads and possibly more. Users are encouraged to upgrade as soon as possible to the latest UBB Threads release.
Date June 23, 2022
BID Not Available  
Credit James Bercegay
Title paFaq Multiple Vulnerabilities
Info paFAQ is a FAQ/Knowledge base system that allows webmasters to keep an organized database of Frequently Asked Questions; a Knowledge Database for problems and solutions. There are a number of vulnerabilities in paFaq. These vulnerabilities include arbitrary unauthorized access to the entire paFaq database, as well as admin authentication bypass, sql injection, arbitrary code execution and cross site scripting. An attacker can gain a remote shell on a vulnerable system using these vulnerabilities.
Date June 20, 2022
BID Not Available  
Credit James Bercegay
Title paFileDB Multiple Vulnerabilities
Info paFileDB is a popular open source web application offered by php Arena. paFileDB allows webmasters to open up an interactive file repository on their website. There are a number of vulnerabilities in paFileDB that may allow for an attacker to include arbitrary files, retrieve sensitive user and/or database information, and completely bypass admin, and team member authentication. Users should upgrade immediately.
Date June 14, 2022
BID Not Available  
Credit James Bercegay
Title FusionBB Multiple Vulnerabilities
Info FusionBB is a popular online message board written in php and developed by InteractivePHP, INC. There are several vulnerabilities in FusionBB such as SQL Injection and Arbitrary Local File Inclusion. These issues could allow for an attacker to execute arbitrary scripts residing on the web server, retrieve sensitive data from the underlying database, or bypass the FusionBB authentication mechanisms.
Date June 13, 2022
BID Not Available  
Credit James Bercegay
Title osCommerce HTTP Response Splitting
Info osCommerce is a very popular eCommerce application that allows for individuals to host their own online shop. All current versions of osCommerce are vulnerable to HTTP Response Splitting. These HTTP Response Splitting vulnerabilities may allow for an attacker to steal sensitive user information, or cause temporary web site defacement. The suggested fix for this issue is to make sure that CRLF sequences are not passed to the application.
Date June 10, 2022
BID Not Available  
Credit James Bercegay
Title Invision Gallery Vulnerabilities
Info Invision Gallery is a community based gallery software that can be integrated into Invision Power Board. There are several security issues in Invision Gallery that may allow for an attacker to force a user into unknowingly / unwillingly perform actions on behalf of an attacker, or an attacker may influence SQL queries and retrieve sensitive information contained within the underlying database. An upgrade has been released for several weeks now and all users should upgrade their gallery installations as soon as possible.
Date June 09, 2022
BID Not Available  
Credit James Bercegay
Title Invision Community Blog Vulnerabilities
Info Invision Blog is a community based blogging software that can be integrated into Invision Power Board. There are several dangerous SQL Injection vulnerabilities, as well as a cross site scripting vulnerability. These vulnerabilities could allow for an attacker to gain access to sensitive data such as password information and render hostile script in the context of a victims browser which could lead to disclosure of sensitive data such as cookie data.
Date June 07, 2022
BID Not Available  
Credit James Bercegay
Title Format String Vulnerability In Peercast
Info Peercast is a popular p2p streaming media server (similar to shoutcast). There is a serious security issue in peercast versions 0.1211 and earlier that may allow for an attacker to execute arbitrary code on the remote target with the privileges of the user running peercast (usually administrator) or crash the vulnerable server. There is an updated version of peercast available and all users should upgrade as soon as possible.
Date May 28, 2022
BID Not Available  
Credit James Bercegay
Title Help Center Live Vulnerabilities
Info Help Center Live is a `Live` help desk system written in PHP using a MySql database backend that features Live Support, Trouble Tickets and FAQ within one project. This is a very popular application, especially with webhosts and other services. Unfortunately Help Center Live is vulnerable to Sql injection, Script Injection, and Cross Site Scripting attacks, but the most serious of the vulnerabilities mentioned (The SQL Injection attacks) require magic_quotes_gpc to be set to off.
Date May 17, 2022
BID Not Available  
Credit James Bercegay
Title Woltlab Burning Board SQL Injection Vulnerability
Info Burning Board is a popular, multi purpose forum / community software offered by WoltLab GmbH. There is an SQL Injection vulnerability in Burning Board 2.* and earlier that allows for an attacker to influence SQL Queries and possibly query arbitrary data from the database, such as admin password hashes. The developers are said to have made a patch available as of late last week, and all users should upgrade their Burning Board installations as soon as possible.
Date May 16, 2022
BID Not Available  
Credit James Bercegay
Title Yappa-NG Multiple Vulnerabilities
Info Yappa-NG is the second generation (new and improved) version of Yappa (yet another php photo album). There are several vulnerabilities in Yappa-NG that may allow an attacker to possibly take control of the vulnerable server. In order to exploit these vulnerabilities register_globals must be on. An updated version of Yappa-NG is available, and users should upgrade as soon as possible.
Date May 11, 2022
BID Not Available  
Credit James Bercegay
Title Multiple Invision Power Board Vulnerabilities
Info Invision Power Board (IPB) is a professional forum system that has been built from the ground up with speed and security in mind. It is used by a great many people all over the world. All versions of Invision Power Board are vulnerable to a serious SQL Injection vulnerability. An attacker does not have to be logged in, or even have access or permission to view the forums in order to exploit this vulnerability. Users should upgrade immediately.
Date May 5, 2022
BID Not Available  
Credit James Bercegay
Title Multiple SitePanel2 Vulnerabilities
Info SitePanel2 is a helpdesk / trouble ticket / support system used by businesses and individuals alike. There are a number of vulnerabilities in SitePanel2, some of which are fairly serious. If an attacker is able to successfully exploit these vulnerabilities in SitePanel2 he may be able to successfully compromise user accounts or completely compromise the target web server. A security patch has been released to address these issues and all users are strongly encouraged to upgrade their SitePanel2 installations as soon as possible.
Date May 3, 2022
BID Not Available  
Credit James Bercegay
Title Multiple Vulnerabilities In osTicket
Info osTicket is a widely-used open source support ticket system. It is a lightweight support ticket tool written mainly using PHP scripting language. There are several vulnerabilities in the osTicket software that may allow for an attacker to take control of the affected web server, disclose sensitive data from the database, or read arbitrary files. These issues have been reported to the developers and a new updated version of osTicket is available for download. All affected users should upgrade their osTicket installations immediately.
Date May 2, 2022
BID Not Available  
Credit James Bercegay
Title phpBB Notes Mod SQL Injection Vulnerability
Info oxpus.de author many popular modules and hacks for the amazingly popular phpBB software. One of these modules allows users to keep their own personal memo pad of sorts in the usercp. This particular mod comes standard with packages like orion_phpbb and others. This "notes" module is vulnerable to a serious SQL Injection vulnerability that will allow for an attacker to pull sensitive information from the underlying database, and possibly compromise the integrity of the affected phpBB installation.
Date April 27, 2022
BID Not Available  
Credit James Bercegay
Title Multiple eGroupware Vulnerabilities
Info eGroupware is a very popular open source web based collaboration software that can be used within an intranet, or externally via the internet to build a community and/or help coordinate large projects. eGroupware also comes pre packaged in some linux distributions. GulfTech Security Research has found a few high risk SQL Injection vulnerabilities as well as Cross Site Scripting vulnerabilities. A new version of eGroupware is now available and all eGroupware users should upgrade immediately. Not only does the new eGroupware release address these security issues, but it also includes a number of bugfixes!
Date April 20, 2022
BID Not Available  
Credit James Bercegay
Title Multiple Security Issues Found In AZBB
Info azbb is a forum that was written with a primary focus on security. azbb does not require a database such as MySQL, PostGres or MSSQL and can even be used as a blog, or portal of sorts. Unfortunately there are a number of security issues in AZBB versions prior to 1.0.08, but none of these issues are considered "high risk". However, the developer has addressed these issues and all users should upgrade to the current 1.0.08 version. These vulnerabilities include file enumeration, arbitrary file deletion, and file inclusion.
Date April 19, 2022
BID Not Available  
Credit James Bercegay
Title Multiple ModernBill 4.3.0 And Earlier Vulnerabilities
Info ModernBill is a widely used billing and management software used by webhosts to manage billing and financial data. ModernBill is prone to remote file inclusion and cross site scripting in version prior to 4.3.1. These vulnerabilities could allow for an attacker to execute client side code in the context of the victims web browser, steal sensitive user data, and run system commands remotely on the affected web server. A fixed version is available and users are advised to upgrade immediately.
Date April 10, 2022
BID Not Available  
Credit James Bercegay
Title Double Choco Latte Vulnerabilities
Info Double Choco Latte is a GNU Enterprise package that provides basic project management capabilities, time tracking on tasks, call tracking, email notifications, online documents, statistical reports, a report engine, and more features are either working or being developed/planned. It can be displayed inside of a phpGroupWare installation or be used stand-alone. It is licensed under the GPL (GNU Public License), which means it is free to study, distribute, modify, and use. Double Choco Latte 0.9.4 .3 and earlier are prone to php code execution vulnerabilities which allows an attacker to run php code with privileges of the webserver.
Date April 8, 2022
BID 12894  
Credit James Bercegay
Back 1 2 3 4 5 6 - Next Results per-page: 5 | 10 | 20 | 50
Results 31 - 50 of 109 Page 2 of 6