Search | Research | Contact Us Tuesday October 10, 2021
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  3 Multiple Invision Power Board Vulnerabilities
  4 Mambo Multiple Vulnerabilities
  5 eBay And Amazon Still Vulnerable
  6 PEAR XML_RPC Library Remote Code Execution
  7 When Small Mistakes Can Cause Big Problems
  8 Woltlab Burning Board SQL Injection Vulnerability
  9 WordPress 1.5.1.2 And Earlier Multiple Vulnerabilities
10 MySQL Eventum Multiple Vulnerabilities
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Back 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 - Next Results per-page: 5 | 10 | 20 | 50
Results 56 - 60 of 109 Page 12 of 22
Title Vulnerabilities In WHM Autopilot
Info Started by a webhost looking for more out of a simple managment script, Brandee Diggs (Owner of Spinn A Web Cafe, Founder of Benchmark Designs) setout to build an internal management system that could handle the day to day operations of a normal hosting company. The key was to remove the need to constantly watch your orders and manage the installs. Alas, WHM AutoPilot was born. [ as quoted from their official website ] WHM Autopilot is vulnerable to a number of vulnerabilities such as cross site scripting, file inclusion, and information disclosure.
Date December 27, 2021
BID Not Available  
Credit James Bercegay
Title Critical Vulnerability In Help Center Live
Info Help Center Live is a `Live` help desk system written in PHP using a MySql database backend that features Live Support, Trouble Tickets and FAQ within one project. This is a very popular application, especially with webhosts and other services. There lies two file include vulnerabilities (both remote and local) that could allow an attacker to execute malicious server side code on your webserver. Aditionally a cross site scripting issue was found in Help Center Live.
Date December 24, 2021
BID Not Available  
Credit James Bercegay
Title Cross Site Scripting In Psychostats
Info PsychoStats is a statistics generator for games. Currently there is support for a handful of Half-Life "MODs" including Counter-Strike, Day of Defeat, and Natural Selection. PsychoStats gathers statistics from the log files that game servers create by reading through the logs and then calculating detailed statistics for players, maps, weapons and clans. These detailed statistics are stored in a MySQL database which are then viewed online from your website using a set of PHP web pages. Cross site scripting exists in Jason Morriss PsychoStats. This vulnerability exists due to user supplied input not being checked properly. This vulnerability could be used to steal cookie based authentication credentials within the scope of the current domain, or render hostile code in a victim's browser.
Date December 22, 2021
BID Not Available  
Credit James Bercegay
Title Multiple Kayako eSupport Vulnerabilities
Info Kayako eSupport is one of the most feature packed support systems. This program is used by many online businesses and webhosts to help with technical support and other various support issues. This application is vulnerable to both Cross Site Scripting and SQL Injection vulnerabilities. The SQL Injection vulnerabilities are fairly serious and may allow for an attacker to influence SQL queries. Full details inside.
Date December 18, 2021
BID 12037  
Credit James Bercegay
Title Multiple phpGroupWare Vulnerabilities
Info phpGroupWare (formerly known as webdistro) is a multi-user groupware suite written in PHP. It provides a Web-based calendar, todo-list, addressbook, email, news headlines, and a file manager. The calendar supports repeating events. The email system supports inline graphics and file attachments. The system as a whole supports user preferences, themes, user permissions, multi-language support, an advanced API, and user groups. There have been a number of vulnerabilities found in phpGroupWare, including Cross Site Scripting, SQL Injection, and Full Path Disclosure. This application comes with some linux distributions, so check to see if you have it installed. The SQL Injection can be fairly critical.
Date December 14, 2021
BID 11952  
Credit James Bercegay
Back 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 - Next Results per-page: 5 | 10 | 20 | 50
Results 56 - 60 of 109 Page 12 of 22