Search | Research | Contact Us Tuesday October 10, 2021
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  3 Multiple Invision Power Board Vulnerabilities
  4 Mambo Multiple Vulnerabilities
  5 eBay And Amazon Still Vulnerable
  6 PEAR XML_RPC Library Remote Code Execution
  7 When Small Mistakes Can Cause Big Problems
  8 Woltlab Burning Board SQL Injection Vulnerability
  9 WordPress 1.5.1.2 And Earlier Multiple Vulnerabilities
10 MySQL Eventum Multiple Vulnerabilities
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Back 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 - Next Results per-page: 5 | 10 | 20 | 50
Results 81 - 85 of 109 Page 17 of 22
Title Multiple JelSoft vBulletin XSS Vulnerabilities
Info JelSoft vBulletin is a powerful, scalable and fully customisable forums package for your web site. Based on the PHP language, and backed with a MySQL back-end database. It is one of the most popular forum systems in the world. It is also prone to several XSS (Cross Site Scripting) issues which may allow an attacker to disclose sensetive user information, and run code in the context of a victims web browser. Check the JelSoft website for any updates regarding this issue.
Date March 15, 2022
BID 9887   9888   9889   9940   9943  
Credit James Bercegay
Title Phorum 5.0.3 Beta And Earlier XSS Vulnerabilities
Info Phorum is a popular web based message board written in PHP. Phorum is designed with high availability and visitor ease of use in mind. Features such as mailing list integration, easy customization and simple installation make Phorum a powerful add-in to any website. There are a number of XSS (Cross Site Scripting) issues in forum which may allow an attacker or malicious user to run code or script in the context of a users browser which could result in credential disclosure, and more.
Date March 15, 2022
BID 9882  
Credit James Bercegay
Title phpBB 2.0.6d && Earlier Security Issues
Info phpBB is a great forum system used by many millions of people. It is one of the more secure of the forum systems, but has a few issues still present; both of which allow for XSS (Cross Site Scripting). This problem presents itself in two different places. One of these places is viewtopic.php and the other is viewforum.php Shown are examples along with a brief explanation on how to replicate this issue. I have also released a fix, and will post official patch information as soon as it is made available. Thanks to the phpBB team for thier quick response!
Date March 12, 2022
BID 9865   9866  
Credit James Bercegay
Title Non Critical Invision Power Board Vulnerabilities
Info This is being released in response to the "vulnerability" recently discovered in Invision Power Board as seen here. We found a very similar vulnerability at the end of last year while researching IPB, but did not report it publicly as we did not see it as exploitable. We recently contacted BugTraq about this but the message was never published or rejected. Long story short you can find details of this "vulnerability" within. Also in this post is a flaw we discovered late last year that discloses the installation path in Invision Power Board. Neither of these vulnerabilities are critical and webmasters need not be alarmed. Upgrade is advised though as soon as a fix is available.
Date March 02, 2022
BID 9810  
Credit James Bercegay
Title Possible Credential Exposure In Trillian Pro v2.01
Info Trillian is a multinetwork chat client that currently supports mIRC, AIM, ICQ, MSN, and Yahoo Messenger. It supports docking, multiline edit boxes, buddy alerts, multiple connections to the same medium, a powerful skinning language, easy importing of your existing contacts, skinnable emoticons, logging, global away/invisible features, and a unified contact list. It has a direct connection for AIM, support for user profiles, complete type formatting, buddy icons, proxy support, emotisounds, encrypted instant messaging to ICQ and AIM, AIM group chats, and shell extensions for file transfers. Unfortunately the automated email checking feature in Trillian leaves behind user credintials in a temporary file. To make matters worse these credentials are stored in the temporary file in plaintext, and may be accessed by other users on the host, or network depending on user permissions.
Date March 01, 2022
BID Not Available  
Credit James Bercegay
Back 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 - Next Results per-page: 5 | 10 | 20 | 50
Results 81 - 85 of 109 Page 17 of 22