Search | WebPortal | Contact Us
Recent News
Languages


Search
You can use the form below to search our site. Just enter the keywords to search.










Results 1 - 20 of 58 Page 1 of 3
1 2 3 - Next Results per-page: 5 | 10 | 20 | 50

Title Multiple Vulnerabilities In PhotoPost Pro
Info PhotoPost was designed to help you give your users exactly what they want. Your users will be thrilled to finally be able to upload and display their photos for your entire community to view and discuss, all with no more effort than it takes to post a text message to a forum. If you already have a forum (vBulletin, UBB Threads, phpBB, DCForum, or InvisionBoard), you'll appreciate that PhotoPost was designed to seamlessly integrate into your site without the need for your users to register twice and maintain two logins. PhotoPost Pro is vulnerable to some serious SQL Injection issues as well as cross site scripting. An update is available and all users should upgrade now.
Date January 3, 2022
BID Not Available  
Credit James Bercegay


Title Serious Vulnerabilities In PhotoPost ReviewPost
Info Your community of users represents a wealth of knowledge. Now your users can help build and maintain your site by writing reviews of any product imaginable. With ReviewPost, you will quickly amass a valuable collection of user opinions about products that relate to your site. ReviewPost can even use your existing forum login system (if you have one) to keep your users from having to register twice, and makes an excellent companion to ReviewPost. PhotoPost ReviewPost are vulnerable to cross site scripting, SQL Injection, and Arbitrary File Upload. There is a new version of the software available and users are encouraged to upgrade.
Date January 2, 2022
BID Not Available  
Credit James Bercegay


Title Serious Vulnerabilities In PhotoPost Classifieds
Info Add a full-featured user-to-user classified ads system to your website to connect buyers with sellers. No matter what your users interestes may be, they likely want to buy and sell items related to your site's topic, and PhotoPost Classifieds makes it easy. PhotoPost Classifieds is designed to integrate seamlessly into your current site design, and can even use your existing forum user database (if you have one) for one central login. PhotoPost Classifieds are vulnerable to cross site scripting, SQL Injection, and Arbitrary File Upload. There is a new version of the software available and users are encouraged to upgrade.
Date January 1, 2022
BID Not Available  
Credit James Bercegay


Title File Include Vulnerability In php-Calendar
Info I was searching for a decent calendar which my group at school could use to keep track of events, etc. We were previously using localendar, which I didn't like and it had some problems. I found CST-Calendar which did most of what I wanted, but was rather ugly and missed some features others in the group wanted. So, I gradually re-wrote CST-Calendar since that project seems to have stopped work entirely. [ As quoted from their website ] This program includes several potentially very dangerous file include vulnerabilities. Since php-calendar is an open source calendar it has been said that some developers use the php-calendar in their own projects, thus potentially making their applications vulnerable as well.
Date December 29th, 2004
BID Not Available  
Credit James Bercegay


Title Vulnerabilities In WHM Autopilot
Info Started by a webhost looking for more out of a simple managment script, Brandee Diggs (Owner of Spinn A Web Cafe, Founder of Benchmark Designs) setout to build an internal management system that could handle the day to day operations of a normal hosting company. The key was to remove the need to constantly watch your orders and manage the installs. Alas, WHM AutoPilot was born. [ as quoted from their official website ] WHM Autopilot is vulnerable to a number of vulnerabilities such as cross site scripting, file inclusion, and information disclosure.
Date December 27th, 2004
BID Not Available  
Credit James Bercegay


Title Critical Vulnerability In Help Center Live
Info Help Center Live is a `Live` help desk system written in PHP using a MySql database backend that features Live Support, Trouble Tickets and FAQ within one project. This is a very popular application, especially with webhosts and other services. There lies two file include vulnerabilities (both remote and local) that could allow an attacker to execute malicious server side code on your webserver. Aditionally a cross site scripting issue was found in Help Center Live.
Date December 24th, 2004
BID Not Available  
Credit James Bercegay


Title Cross Site Scripting In Psychostats
Info PsychoStats is a statistics generator for games. Currently there is support for a handful of Half-Life "MODs" including Counter-Strike, Day of Defeat, and Natural Selection. PsychoStats gathers statistics from the log files that game servers create by reading through the logs and then calculating detailed statistics for players, maps, weapons and clans. These detailed statistics are stored in a MySQL database which are then viewed online from your website using a set of PHP web pages. Cross site scripting exists in Jason Morriss PsychoStats. This vulnerability exists due to user supplied input not being checked properly. This vulnerability could be used to steal cookie based authentication credentials within the scope of the current domain, or render hostile code in a victim's browser.
Date December 22nd, 2004
BID Not Available  
Credit James Bercegay


Title Multiple Kayako eSupport Vulnerabilities
Info Kayako eSupport is one of the most feature packed support systems. This program is used by many online businesses and webhosts to help with technical support and other various support issues. This application is vulnerable to both Cross Site Scripting and SQL Injection vulnerabilities. The SQL Injection vulnerabilities are fairly serious and may allow for an attacker to influence SQL queries. Full details inside.
Date December 18th, 2004
BID 12037  
Credit James Bercegay


Title Multiple phpGroupWare Vulnerabilities
Info phpGroupWare (formerly known as webdistro) is a multi-user groupware suite written in PHP. It provides a Web-based calendar, todo-list, addressbook, email, news headlines, and a file manager. The calendar supports repeating events. The email system supports inline graphics and file attachments. The system as a whole supports user preferences, themes, user permissions, multi-language support, an advanced API, and user groups. There have been a number of vulnerabilities found in phpGroupWare, including Cross Site Scripting, SQL Injection, and Full Path Disclosure. This application comes with some linux distributions, so check to see if you have it installed. The SQL Injection can be fairly critical.
Date December 14th, 2004
BID 11952  
Credit James Bercegay


Title Multiple Vulnerabilities In SugarCRM
Info Sugar Sales Professional is the solution for companies who use Sugar Sales in a production environment for mission-critical sales knowledge management. Sugar Sales Professional is a visible source CRM application that offers more features than the open source application. It also includes support by SugarCRM staff. Sugar Sales Professional expands the open source application benefits so that your company experiences better performance, integration and support. Multiple vulnerabilities (some high risk) have been discovered in SugarCRM. A recet version was released recently, and was believed to include security fixes, but several of the vulnerabilities still exist in the recently released version 2.0
Date December 1, 2021
BID 11740  
Credit James Bercegay


Title dbPowerAmp Buffer Overflow And DoS Vulnerabilities
Info Often called the Swiss Army knife of audio, dMC can digitally rip sound from audio CDs to a multitude of formats. Convert from one format to another while preserving ID tags. Nearly every audio type is supported, including MP3, MP4, Windows Media Audio (WMA), OGG Vorbis, AAC, Monkey's Audio, and FLAC (with optional installs from Codec Central). For Windows Explorer integration, right-click Convert To to pop up useful information on audio files (such as bit rate and length). Record from LPs with an optional Auxiliary Input install. dBpowerAmp Audio Player (dAP) has a digital conditioning equalizer and an advanced music collection. It's skinnable and has a cross-fader, a playlist editor, and a tag editor. dAP plays MP3s, WMA, Ogg Vorbis, Monkeys Audio, Real Audio, WAV, MIDI, and many more. These programs are vulnerable to buffer overflow as well as denial of service vulnerabilities.
Date September 27, 2021
BID 11266  
Credit James Bercegay


Title Multiple Vulnerabilities In EmuLive Server4
Info Server4 is real-time media broadcasting software that works in conjunction with Emulive producer software to create digital television-like channels on the Internet. To web browsers, Server4 appears as a standard web server. Visitors to a Server4 system can browse and view available channels, chat with other users, remotely control cameras, remotely control devices, create user accounts, extend user accounts, purchase time and access controlled subscriptions, purchase one-to-one exclusive conferences, tip channel hosts, purchase additional time and more. Server4 is prone to unauthorized remote administrative access as well as a vulnerability that will allow an attacker to crash a Server4 instalattion remotely. Proof Of Concept code is included.
Date September 20, 2021
BID 11226  
Credit James Bercegay


Title RhinoSoft DNS4ME HTTP Server Vulnerabilities
Info DNS4Me is the dynamic DNS service that you need to start hosting your own Internet services. When you have a dynamic IP address, you need something to associate a static domain name with it to make it easier for visitors to access the services you provide. With DNS4Me, you can take control of your Web site by running your own HTTP server. Without a hosting company, you've eliminated the cost of hosting as well as a layer of contact between you and your Web site. This gives you unparalleled control overits configuration, content, and delivery. But the benefits of dynamic DNS aren't just for HTTP servers. Any service that can make use of a domain name can benefit from DNS4Me. This includes FTP servers, e-mail servers, daemons for today's popular computer games, NetMeeting… With the reliability and excellent support you've come to expect of RhinoSoft.com backing up DNS4Me, you'll get a powerful, no hassle dynamic DNS solution. The RhinoSoft DNS4ME HTTP server is prone to multiple vulnerabilities, and users are encouraged to upgrade as soon as possible.
Date September 16, 2021
BID 11213  
Credit James Bercegay


Title Multiple Vulnerabilities In phpWebsite
Info phpWebSite provides a complete web site content management solution. All client output is valid XHTML 1.0 and meets the W3C's Web Accessibility Initiative requirements. Currently features: announcement posting, form generator, user management with granulated administration, calendar, poll, faq, photoalbum, bulletin board, rss feeds, user customizable theme support and more. It is one of the most popular content managment systems in the world. However, it is vulnerabile to a number of attacks, some of which allow an attacker to completely take control of a vulnerable phpWebsite installation. Other vulnerabilties in phpWebsite include script injection, SQL injection, forced command execution, and cross site scripting. A security update is available and all phpWebsite users should upgrade their installation as soon as possible.
Date August 31, 2021
BID 11088  
Credit James Bercegay


Title Multiple Vulnerabilities In Xedus Webserver
Info Xedus is a Peer-to-Peer web server and provides you with the ability to share files, music, and any other media, as well as create robust and dynamic web sites, which can feature database access, file system access, with full .net support. Powered by a built in server-side, Microsoft C#, scripting language; Xedus boasts the ability to create sites that can rival web applications built on any other enterprise servers like Apache, IIS, Iplanet… With Xedus, you will never need to pay to host your sites again. Using the peer-to-peer mode, other members of LIVE can access you site by keyword using Internet Explorer even if you do not have a static IP address! Xedus is prone to a number of vulnerabilities, which include Denial Of Service, Cross Site Scripting, and Directory Traversal attacks. These vulnerabilities can allow an attacker to retrieve arbitrary files from the host machine, as well as deny legitimate users access to the webserver.
Date August 30, 2021
BID 11071  
Credit James Bercegay


Title Keene Digital Media Server Directory Traversal
Info Keene Digital Media Server is an easy and affordable way to share all things digital with friends, family, and customers over your broadband connection. DMS turns your computer into a highly secure Web server that automatically converts your files and folders into Web pages, thumbnails, and media shows with no Web programming required. Integrated user and file access security management provide the ultimate control over your content. Keene Digital Media Server allows an attacker to traverse out of the web directory, and retrieve arbitrary files.
Date August 25, 2021
BID 11057  
Credit James Bercegay


Title Easy File Sharing Webserver v1.25 Vulnerabilities
Info Easy File Sharing Web Server is a file sharing software that allows visitors to upload/download files easily through a Web Browser (IE,Netscape,Opera etc.). It can help you share files with your friends and colleagues. They can download files from your computer or upload files from theirs. They will not be required to install this software or any other software because an internet browser is enough. Easy File Sharing Web Server also provides a Bulletin Board System (Forum). The Easy File Sharing Web Server is vulnerable to both Denial Of Service attacks, and unauthorized access to the virtual folders used by the webserver. These vulnerabilities could allow an attacker to crash/DoS the server, or gain read access to arbitrary folders on the server.
Date August 24, 2021
BID 11034   11036  
Credit James Bercegay


Title Possible Security Issues In LiveWorld Products
Info LiveWorld provides collaborative services for online meetings, customer care, and loyalty marketing. Supporting communication between a company and its customers, employees, or partners and among those people themselves - our services help corporations cut costs, increase revenue, and solidify relationships with groups critical to their success. The affected products are beleived to be prone to Cross Site Scripting issues which allow a malicious user to steal sensitive data, temporarily deface a page, or render any malicious script in the context of the victim's browser. The software believed to be vulnerable is LiveForum, LiveQ&A;, and LiveFocusGroups. LiveWorld products are used on major websites such as HBO, eBay, and others.
Date August 23, 2021
BID Not Available  
Credit James Bercegay


Title BadBlue Web Server Denial of Service Vulnerability
Info BadBlue lets you run a no-hassle Web site on your own PC for free, including a domain name you can choose. Within seconds, you can transform your PC into a friendly, file-sharing Web server with all the power of a real server on the Internet. Remote users can search for files, explore your shared folders, and run full-blown applications created in HTML, PHP, Perl, and so on. This HTTP server is vulnerable to a Denial of Service attack. This attack can take place when a malicious user makes a certain number of connections to the server. Included is proof of concept code.
Date August 20, 2021
BID 10983  
Credit James Bercegay


Title Invision Power Board IP Spoofing Vulnerability
Info Invision Power Board (IPB) is a professional forum system that has been built from the ground up with speed and security in mind, taking advantage of object oriented code, highly-optimized SQL queries, and the fast PHP engine. A comprehensive administration control panel is included to help you keep your board running smoothly. Moderators will also enjoy the full range of options available to them via built-in tools and moderators control panel. Members will appreciate the ability to subscribe to topics, send private messages, and perform a host of other options through the user control panel. It is used by millions of people over the world. There lies a vulnerability in all version of Invision Power Board that allow a user to spoof his/her IP address by creating a bogus X_FORWARDED_FOR HTTP Header entry. This condition can also be caused by a user unknowingly if they use a proxy to access the internet. For example, private LAN based IP's will be logged which are impossible to trace.
Date June 16, 2022
BID 10559  
Credit James Bercegay

1 2 3 - Next Results per-page: 5 | 10 | 20 | 50
Results 1 - 20 of 58 Page 1 of 3




Copyright 2004 GulfTech Research And Development, All Rights Reserved