You can use the form below to search our site. Just enter the
keywords to search.
|
|
 |
| Title |
phpBB Notes Mod SQL Injection Vulnerability
|
| Info |
oxpus.de author many popular modules and hacks for the amazingly
popular phpBB software. One of these modules allows users to keep
their own personal memo pad of sorts in the usercp. This particular
mod comes standard with packages like orion_phpbb and others. This
"notes" module is vulnerable to a serious SQL Injection vulnerability
that will allow for an attacker to pull sensitive information from
the underlying database, and possibly compromise the integrity of
the affected phpBB installation. |
| Date |
April 27, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Multiple eGroupware Vulnerabilities
|
| Info |
eGroupware is a very popular open source web based collaboration
software that can be used within an intranet, or externally via
the internet to build a community and/or help coordinate large
projects. eGroupware also comes pre packaged in some linux
distributions. GulfTech Security Research has found a few high
risk SQL Injection vulnerabilities as well as Cross Site Scripting
vulnerabilities. A new version of eGroupware is now available and
all eGroupware users should upgrade immediately. Not only does the
new eGroupware release address these security issues, but it also
includes a number of bugfixes! |
| Date |
April 20, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Multiple Security Issues Found In AZBB
|
| Info |
azbb is a forum that was written with a primary focus on security.
azbb does not require a database such as MySQL, PostGres or MSSQL
and can even be used as a blog, or portal of sorts. Unfortunately
there are a number of security issues in AZBB versions prior to
1.0.08, but none of these issues are considered "high risk". However,
the developer has addressed these issues and all users should upgrade
to the current 1.0.08 version. These vulnerabilities include file
enumeration, arbitrary file deletion, and file inclusion. |
| Date |
April 19, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Multiple ModernBill 4.3.0 And Earlier Vulnerabilities
|
| Info |
ModernBill is a widely used billing and management software used
by webhosts to manage billing and financial data. ModernBill is
prone to remote file inclusion and cross site scripting in version
prior to 4.3.1. These vulnerabilities could allow for an attacker to
execute client side code in the context of the victims web browser,
steal sensitive user data, and run system commands remotely on the
affected web server. A fixed version is available and users are advised
to upgrade immediately. |
| Date |
April 10, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Double Choco Latte Vulnerabilities
|
| Info |
Double Choco Latte is a GNU Enterprise package that provides basic
project management capabilities, time tracking on tasks, call
tracking, email notifications, online documents, statistical reports,
a report engine, and more features are either working or being
developed/planned. It can be displayed inside of a phpGroupWare
installation or be used stand-alone. It is licensed under the GPL
(GNU Public License), which means it is free to study, distribute,
modify, and use. Double Choco Latte 0.9.4 .3 and earlier are prone
to php code execution vulnerabilities which allows an attacker to run
php code with privileges of the webserver. |
| Date |
April 8, 2022 |
| BID |
12894
|
| Credit |
James Bercegay |
| Title |
phpCoin Multiple Vulnerabilities
|
| Info |
phpCoin is a free software package originally designed for
web-hosting resellers to handle clients, orders, invoices,
notes and helpdesk. phpCoin versions 1.2.1b and earlier are
prone to multiple vulnerabilities such as SQL Injection and
File Inclusion vulnerabilities. A new version has been released,
and users should upgrade as soon as possible. Updated packages can be found at the official phpCoin website, located at http://www.phpcoin.com Thanks to the developers for a quick resolution to these issues! |
| Date |
March 29, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Multiple Vulnerabilities In PhotoPost Pro
|
| Info |
PhotoPost was designed to help you give your users exactly
what they want. Your users will be thrilled to finally be
able to upload and display their photos for your entire
community to view and discuss, all with no more effort than
it takes to post a text message to a forum. If you already
have a forum (vBulletin, UBB Threads, phpBB, DCForum, or
InvisionBoard), you'll appreciate that PhotoPost was designed
to seamlessly integrate into your site without the need for
your users to register twice and maintain two logins. PhotoPost
Pro is vulnerable to some serious SQL Injection issues as well as
cross site scripting. An update is available and all users should
upgrade now. |
| Date |
January 3, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Serious Vulnerabilities In PhotoPost ReviewPost
|
| Info |
Your community of users represents a wealth of knowledge. Now
your users can help build and maintain your site by writing
reviews of any product imaginable. With ReviewPost, you will
quickly amass a valuable collection of user opinions about
products that relate to your site. ReviewPost can even use
your existing forum login system (if you have one) to keep your
users from having to register twice, and makes an excellent
companion to ReviewPost. PhotoPost ReviewPost are vulnerable to cross site
scripting, SQL Injection, and Arbitrary File Upload. There is a new
version of the software available and users are encouraged to upgrade. |
| Date |
January 2, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Serious Vulnerabilities In PhotoPost Classifieds
|
| Info |
Add a full-featured user-to-user classified ads system to your
website to connect buyers with sellers. No matter what your users
interestes may be, they likely want to buy and sell items related
to your site's topic, and PhotoPost Classifieds makes it easy.
PhotoPost Classifieds is designed to integrate seamlessly into
your current site design, and can even use your existing forum
user database (if you have one) for one central login. PhotoPost Classifieds are vulnerable to cross site scripting, SQL Injection, and Arbitrary File Upload. There is a new version of the software available and users are encouraged to upgrade. |
| Date |
January 1, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
File Include Vulnerability In php-Calendar
|
| Info |
I was searching for a decent calendar which my group at school could
use to keep track of events, etc. We were previously using localendar,
which I didn't like and it had some problems. I found CST-Calendar which
did most of what I wanted, but was rather ugly and missed some features
others in the group wanted. So, I gradually re-wrote CST-Calendar since
that project seems to have stopped work entirely.
[ As quoted from their website ] This program includes several potentially
very dangerous file include vulnerabilities. Since php-calendar is an open
source calendar it has been said that some developers use the php-calendar
in their own projects, thus potentially making their applications vulnerable as well. |
| Date |
December 29, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
|
|
