|
Search |
Research |
Contact Us
|
Tuesday October 10, 2021
|
|
 |
You can use the form below to search our site. Just enter the
keywords to search.
|
|
|
| Title |
osCommerce HTTP Response Splitting
|
| Info |
osCommerce is a very popular eCommerce application that allows for
individuals to host their own online shop. All current versions of
osCommerce are vulnerable to HTTP Response Splitting. These HTTP
Response Splitting vulnerabilities may allow for an attacker to
steal sensitive user information, or cause temporary web site
defacement. The suggested fix for this issue is to make sure that
CRLF sequences are not passed to the application. |
| Date |
June 10, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Invision Gallery Vulnerabilities
|
| Info |
Invision Gallery is a community based gallery software that can be
integrated into Invision Power Board. There are several security
issues in Invision Gallery that may allow for an attacker to force
a user into unknowingly / unwillingly perform actions on behalf of an
attacker, or an attacker may influence SQL queries and retrieve
sensitive information contained within the underlying database. An
upgrade has been released for several weeks now and all users should
upgrade their gallery installations as soon as possible. |
| Date |
June 09, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Invision Community Blog Vulnerabilities
|
| Info |
Invision Blog is a community based blogging software that can be
integrated into Invision Power Board. There are several dangerous
SQL Injection vulnerabilities, as well as a cross site scripting
vulnerability. These vulnerabilities could allow for an attacker
to gain access to sensitive data such as password information and
render hostile script in the context of a victims browser which
could lead to disclosure of sensitive data such as cookie data. |
| Date |
June 07, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Format String Vulnerability In Peercast
|
| Info |
Peercast is a popular p2p streaming media server (similar to
shoutcast). There is a serious security issue in peercast versions
0.1211 and earlier that may allow for an attacker to execute
arbitrary code on the remote target with the privileges of the user
running peercast (usually administrator) or crash the vulnerable
server. There is an updated version of peercast available and all
users should upgrade as soon as possible. |
| Date |
May 28, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Help Center Live Vulnerabilities
|
| Info |
Help Center Live is a `Live` help desk system written in PHP using
a MySql database backend that features Live Support, Trouble Tickets
and FAQ within one project. This is a very popular application,
especially with webhosts and other services. Unfortunately Help Center
Live is vulnerable to Sql injection, Script Injection, and Cross Site
Scripting attacks, but the most serious of the vulnerabilities mentioned
(The SQL Injection attacks) require magic_quotes_gpc to be set to off. |
| Date |
May 17, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Woltlab Burning Board SQL Injection Vulnerability
|
| Info |
Burning Board is a popular, multi purpose forum / community software
offered by WoltLab GmbH. There is an SQL Injection vulnerability in
Burning Board 2.* and earlier that allows for an attacker to influence
SQL Queries and possibly query arbitrary data from the database, such
as admin password hashes. The developers are said to have made a patch
available as of late last week, and all users should upgrade their
Burning Board installations as soon as possible. |
| Date |
May 16, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Yappa-NG Multiple Vulnerabilities
|
| Info |
Yappa-NG is the second generation (new and improved) version
of Yappa (yet another php photo album). There are several
vulnerabilities in Yappa-NG that may allow an attacker to
possibly take control of the vulnerable server. In order to
exploit these vulnerabilities register_globals must be on. An
updated version of Yappa-NG is available, and users should
upgrade as soon as possible. |
| Date |
May 11, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Multiple Invision Power Board Vulnerabilities
|
| Info |
Invision Power Board (IPB) is a professional forum system that
has been built from the ground up with speed and security in
mind. It is used by a great many people all over the world. All
versions of Invision Power Board are vulnerable to a serious
SQL Injection vulnerability.
An attacker does not have to be logged in, or even have access
or permission to view the forums in order to exploit this
vulnerability. Users should upgrade immediately. |
| Date |
May 5, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Multiple SitePanel2 Vulnerabilities
|
| Info |
SitePanel2 is a helpdesk / trouble ticket / support system used
by businesses and individuals alike. There are a number of
vulnerabilities in SitePanel2, some of which are fairly serious.
If an attacker is able to successfully exploit these vulnerabilities
in SitePanel2 he may be able to successfully compromise user accounts
or completely compromise the target web server. A security patch has
been released to address these issues and all users are strongly
encouraged to upgrade their SitePanel2 installations as soon as
possible. |
| Date |
May 3, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Multiple Vulnerabilities In osTicket
|
| Info |
osTicket is a widely-used open source support ticket system. It is a
lightweight support ticket tool written mainly using PHP scripting
language. There are several vulnerabilities in the osTicket software
that may allow for an attacker to take control of the affected web
server, disclose sensitive data from the database, or read arbitrary
files. These issues have been reported to the developers and a new
updated version of osTicket is available for download. All affected
users should upgrade their osTicket installations immediately. |
| Date |
May 2, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
|
|
|
|
|
