|
Search
|
|
You can use the form below to search our site. Just enter the
keywords to search.
|
|
 |
| Title |
dbPowerAmp Buffer Overflow And DoS Vulnerabilities
|
| Info |
Often called the Swiss Army knife of audio, dMC can digitally
rip sound from audio CDs to a multitude of formats. Convert
from one format to another while preserving ID tags. Nearly
every audio type is supported, including MP3, MP4, Windows Media
Audio (WMA), OGG Vorbis, AAC, Monkey's Audio, and FLAC (with
optional installs from Codec Central). For Windows Explorer
integration, right-click Convert To to pop up useful information
on audio files (such as bit rate and length). Record from LPs with
an optional Auxiliary Input install. dBpowerAmp Audio Player (dAP)
has a digital conditioning equalizer and an advanced music
collection. It's skinnable and has a cross-fader, a playlist
editor, and a tag editor. dAP plays MP3s, WMA, Ogg Vorbis, Monkeys
Audio, Real Audio, WAV, MIDI, and many more. These programs are vulnerable to buffer overflow as well as denial of service vulnerabilities. |
| Date |
September 27, 2021 |
| BID |
11266
|
| Credit |
James Bercegay |
| Title |
Multiple Vulnerabilities In EmuLive Server4
|
| Info |
Server4 is real-time media broadcasting software that works
in conjunction with Emulive producer software to create
digital television-like channels on the Internet. To web
browsers, Server4 appears as a standard web server. Visitors
to a Server4 system can browse and view available channels,
chat with other users, remotely control cameras, remotely
control devices, create user accounts, extend user accounts,
purchase time and access controlled subscriptions, purchase
one-to-one exclusive conferences, tip channel hosts, purchase
additional time and more. Server4 is prone to unauthorized remote administrative access as well as a vulnerability that will allow an attacker to crash a Server4 instalattion remotely. Proof Of Concept code is included. |
| Date |
September 20, 2021 |
| BID |
11226
|
| Credit |
James Bercegay |
| Title |
RhinoSoft DNS4ME HTTP Server Vulnerabilities
|
| Info |
DNS4Me is the dynamic DNS service that you need to
start hosting your own Internet services. When you have
a dynamic IP address, you need something to associate a
static domain name with it to make it easier for visitors
to access the services you provide. With DNS4Me, you can
take control of your Web site by running your own HTTP
server. Without a hosting company, you've eliminated the
cost of hosting as well as a layer of contact between you
and your Web site. This gives you unparalleled control
overits configuration, content, and delivery. But the
benefits of dynamic DNS aren't just for HTTP servers. Any
service that can make use of a domain name can benefit from
DNS4Me. This includes FTP servers, e-mail servers, daemons
for today's popular computer games, NetMeeting… With the
reliability and excellent support you've come to expect of
RhinoSoft.com backing up DNS4Me, you'll get a powerful, no
hassle dynamic DNS solution. The RhinoSoft DNS4ME HTTP server
is prone to multiple vulnerabilities, and users are encouraged
to upgrade as soon as possible.
|
| Date |
September 16, 2021 |
| BID |
11213
|
| Credit |
James Bercegay |
| Title |
Multiple Vulnerabilities In phpWebsite
|
| Info |
phpWebSite provides a complete web site content management
solution. All client output is valid XHTML 1.0 and meets the
W3C's Web Accessibility Initiative requirements. Currently
features: announcement posting, form generator, user
management with granulated administration, calendar, poll,
faq, photoalbum, bulletin board, rss feeds, user
customizable theme support and more. It is one of the most
popular content managment systems in the world. However, it
is vulnerabile to a number of attacks, some of which allow an
attacker to completely take control of a vulnerable phpWebsite
installation. Other vulnerabilties in phpWebsite include script
injection, SQL injection, forced command execution, and cross
site scripting. A security update is available and all phpWebsite
users should upgrade their installation as soon as possible. |
| Date |
August 31, 2021 |
| BID |
11088
|
| Credit |
James Bercegay |
| Title |
Multiple Vulnerabilities In Xedus Webserver
|
| Info |
Xedus is a Peer-to-Peer web server and provides you with the
ability to share files, music, and any other media, as well
as create robust and dynamic web sites, which can feature
database access, file system access, with full .net support.
Powered by a built in server-side, Microsoft C#, scripting
language; Xedus boasts the ability to create sites that can
rival web applications built on any other enterprise servers
like Apache, IIS, Iplanet… With Xedus, you will never need
to pay to host your sites again. Using the peer-to-peer mode,
other members of LIVE can access you site by keyword using
Internet Explorer even if you do not have a static IP address!
Xedus is prone to a number of vulnerabilities, which include
Denial Of Service, Cross Site Scripting, and Directory Traversal
attacks. These vulnerabilities can allow an attacker to retrieve
arbitrary files from the host machine, as well as deny legitimate
users access to the webserver. |
| Date |
August 30, 2021 |
| BID |
11071
|
| Credit |
James Bercegay |
| Title |
Keene Digital Media Server Directory Traversal
|
| Info |
Keene Digital Media Server is an easy and affordable way to
share all things digital with friends, family, and customers
over your broadband connection. DMS turns your computer into
a highly secure Web server that automatically converts your
files and folders into Web pages, thumbnails, and media shows
with no Web programming required. Integrated user and file
access security management provide the ultimate control over
your content. Keene Digital Media Server allows an attacker
to traverse out of the web directory, and retrieve arbitrary
files. |
| Date |
August 25, 2021 |
| BID |
11057
|
| Credit |
James Bercegay |
| Title |
Easy File Sharing Webserver v1.25 Vulnerabilities
|
| Info |
Easy File Sharing Web Server is a file sharing software
that allows visitors to upload/download files easily
through a Web Browser (IE,Netscape,Opera etc.). It can help
you share files with your friends and colleagues. They can
download files from your computer or upload files from
theirs. They will not be required to install this software
or any other software because an internet browser is enough.
Easy File Sharing Web Server also provides a Bulletin Board
System (Forum). The Easy File Sharing Web Server is vulnerable
to both Denial Of Service attacks, and unauthorized access to
the virtual folders used by the webserver. These vulnerabilities
could allow an attacker to crash/DoS the server, or gain read
access to arbitrary folders on the server.
|
| Date |
August 24, 2021 |
| BID |
11034
11036
|
| Credit |
James Bercegay |
| Title |
Possible Security Issues In LiveWorld Products
|
| Info |
LiveWorld provides collaborative services for online meetings,
customer care, and loyalty marketing. Supporting communication
between a company and its customers, employees, or partners
and among those people themselves - our services help corporations
cut costs, increase revenue, and solidify relationships
with groups critical to their success. The affected products
are beleived to be prone to Cross Site Scripting issues which allow
a malicious user to steal sensitive data, temporarily deface a page,
or render any malicious script in the context of the victim's browser.
The software believed to be vulnerable is LiveForum, LiveQ&A;, and
LiveFocusGroups. LiveWorld products are used on major websites
such as HBO, eBay, and others. |
| Date |
August 23, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
BadBlue Web Server Denial of Service Vulnerability
|
| Info |
BadBlue lets you run a no-hassle Web site on your own PC for free,
including a domain name you can choose. Within seconds, you can
transform your PC into a friendly, file-sharing Web server with
all the power of a real server on the Internet. Remote users can
search for files, explore your shared folders, and run full-blown
applications created in HTML, PHP, Perl, and so on. This HTTP
server is vulnerable to a Denial of Service attack. This attack can
take place when a malicious user makes a certain number of connections
to the server. Included is proof of concept code. |
| Date |
August 20, 2021 |
| BID |
10983
|
| Credit |
James Bercegay |
| Title |
Invision Power Board IP Spoofing Vulnerability
|
| Info |
Invision Power Board (IPB) is a professional forum system that has been built from the ground up with speed and security in mind, taking advantage of object oriented code, highly-optimized SQL queries, and the fast PHP engine. A comprehensive administration control panel is included to help you keep your board running smoothly. Moderators will also enjoy the full range of options available to them via built-in tools and moderators control panel. Members will appreciate the ability to subscribe to topics, send private messages, and perform a host of other options through the user control panel. It is used by millions of people over the world. There lies a vulnerability in all version of Invision Power Board that allow a user to spoof his/her IP address by creating a bogus X_FORWARDED_FOR HTTP Header entry. This condition can also be caused by a user unknowingly if they use a proxy to access the internet. For example, private LAN based IP's will be logged which are impossible to trace.
|
| Date |
June 16, 2022 |
| BID |
10559
|
| Credit |
James Bercegay |
|
|
