Search | Research | Contact Us Tuesday October 10, 2021
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  3 Multiple Invision Power Board Vulnerabilities
  4 Mambo Multiple Vulnerabilities
  5 eBay And Amazon Still Vulnerable
  6 PEAR XML_RPC Library Remote Code Execution
  7 When Small Mistakes Can Cause Big Problems
  8 Woltlab Burning Board SQL Injection Vulnerability
  9 WordPress 1.5.1.2 And Earlier Multiple Vulnerabilities
10 MySQL Eventum Multiple Vulnerabilities
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Back 1 2 3 4 5 6 7 8 9 10 11 - Next Results per-page: 5 | 10 | 20 | 50
Results 91 - 100 of 109 Page 10 of 11
Title Multiple vulnerabilities in ASPapp Products
Info ASPapp offers a wide range of web applications written in .asp Amongst them is the fairly popular AspApp Portal. Several of these products have very weak security and can allow an attacker to completely take over an affected portal or site running the vulnerable software. The vulnerabilities include Script Injection, Account Hijacking, Privilege Escalation, Cross Site Scripting, and Plaintext Authentication Credentials.
Date December 18, 2021
BID 9250  
Credit James Bercegay
Title Autorank PHP SQL Injection Vulnerability
Info Autorank PHP is a widely used topsite script offered by JMB Software. It is vulnerable to SQL Injection attacks in the "accounts.php" file. These vulnerabilities can be exploited by a malicious user via the lost password form, account edit form, or the registration form. The vulnerabilities leave user accounts open to compromise as well as the entire database that is being used for a particular top site.
Date December 18, 2021
BID 9251  
Credit James Bercegay
Title osCommerce Malformed Session ID XSS Vulnerability
Info osCommerce is a very powerful open source e-commerce solution. It has been found however to be vulnerable to an XSS vuln due to the session id parameter not being properly sanitized. This seems to take place only over a secure, SSL connection, however it is believed to affect even regular http connections in the current CVS version. In some cases (namely the CVS version) the full path of the web directory may also be exposed when exploiting this vulnerability.
Date December 17, 2021
BID 9238  
Credit James Bercegay
Title Multiple Vulnerabilities In Aardvark Topsites
Info Aardvark Topsites is a very powerful, and popular Topsites Ranking web application. Versions prior to 4.1.1 are vulnerable to a number of issues though. These issues include SQL Injection, Path Disclosure, Plaintext Weaknesses, and information disclosure vulnerabilities. You can update your Aardvark Topsite at the official download site. All users should upgrade as soon as possible.
Date December 16, 2021
BID 9231  
Credit James Bercegay
Title Invision Power Board SQL Injection Vulnerability
Info Invision Power Board is one of the most popular and powerful forums available today. It is used by millions of people worldwide and businesses alike. There is however an SQL Injection vulnerability that affects ALL versions (even the non public releases). The people at Invision power were very prompt and professional in addressing the issue and there is now an available fix less than a week after I discovered the vulnerability. Details and a link to the fix are available in the report by GulfTech Security Research.
Date December 16, 2021
BID 9232  
Credit James Bercegay
Title Invision Power Top Site List SQL Injection
Info Invision Power Top Site List is a flexible site ranking script written in PHP. Featuring an impressive feature set with a user-friendly interface. However It is vulnerable to SQL injection. This flaw is hard to exploit, thus it will not be addressed until the next release of the Invision Power Top Site List. No patches or immediate upgrade will be released.
Date December 15, 2021
BID 9229  
Credit James Bercegay
Title Multiple Vulnerabilities In DU Ware Products
Info DU Ware are a company that offers a very large number of web based applications for both purchase and free download. Their products are vulnerable to a substantial number of attacks, and contain many weaknesses. This includes but is not limited to: Account HiJacking, Code Execution, Arbitrary File Upload, Privilege Escalation and more. There are currently no fixes for these issues, and no patches will be issued. I guess thier customers will have to wait til the new software versions to have thier data and servers be secure.
Date December 15, 2021
BID 9246  
Credit James Bercegay
Title Security Issues In CGINews And CGIForum
Info CGINews and CGIForum are two fairly popular scripts by Markus Triska. CGINews is a multi-user Web site news posting system written in Perl. And CGIForum is A template based discussion board also written in Perl. However they both rely on a very weak encryption algorithm that can be decrypted easily. The author has no plans on switching to a more secure one way encryption, so if security is a concern try another forum system.
Date December 14, 2021
BID 9214  
Credit James Bercegay
Title osCommerce 2.2-MS1 SQL Injection Vulnerability
Info osCommerce is one of the most popular Open Source e-commerce solutions in the world today. It comes with many out of the box features and is constantly being developed by the Open Source Community. Recently GulfTech Security Research has discovered an SQL Injection vuln in the create_account_process.php and the account_edit_process.php files. This vulnerability is present in osCommerce 2.2-MS1 but does not appear to be an issue in osCommerce 2.2-MS2. Advice to all osCommerce shop owners is to upgrade to the latest version of osCommerce by clicking here.
Date December 12, 2021
BID 9211  
Credit James Bercegay
Title Multiple Vulnerabilities In Snitz Forums 2000
Info Snitz forums is a full-featured UBB-style ASP discussion board application used by thousands of people across the web. Recently I found many serious vulnerabilities in this application that may allow an attacker to take over an entire Snitz forum. The vulnerabilities include cross site scripting issues, cookie authentication bypass vulnerability, and a password reset vulnerability. Users are encouraged to upgrade as soon as possible.
Date June 16, 2022
BID 7922   7924   7925  
Credit James Bercegay
Back 1 2 3 4 5 6 7 8 9 10 11 - Next Results per-page: 5 | 10 | 20 | 50
Results 91 - 100 of 109 Page 10 of 11