|
Search
|
|
You can use the form below to search our site. Just enter the
keywords to search.
|
|
 |
|
Results 21 - 40 of 58
|
Page 2 of 3
|
|
back
1
2
3
- Next
|
Results per-page: 5 | 10 | 20 | 50
|
| Title |
Multiple Vulnerabilities In PHPX 3.26 And Earlier
|
| Info |
PHPX is a constantly evolving and changing Content Management System (CMS). PHPX is highly customizable and high powered all in one system. PHPX provides content management combined with the power of a portal by including in the core package modules such as FAQ, polls, and forums. PHPX uses dynamic-template-design, what this means is that you have the power to control what your site will look like. Themes are included, but not required. You can create the page however you want, and PHPX will just insert code where you want it. No more 3 columns if you don’t want it! Written in the powerful server language, PHP, and utilizing the amazingly fast and secure database MySQL, PHPX is a great solution for all size website communities, at the best price possible…free! Vulnerabilities are present in version(s) 3.2.6 and earlier and present themselves in the form of cross site scripting, path disclosure, and arbitrary command execution. Users are advised to upgrade immeadiately. |
| Date |
May 04, 2022 |
| BID |
10283
10284
|
| Credit |
James Bercegay |
| Title |
Multiple Vulnerabilities In OpenBB
|
| Info |
OpenBB is a fast, lightweight, powerful bulletin board written in PHP/MySQL. Main features include: full customization via styles templates, instant messaging, private messaging, categories, member ranks, poll based threads, moderation, BB codes, thread notifications, Avatars, member lists, private forums and more. OpenBB is prone to several security issues such as SQL Injection, XSS, arbitrary command execution and more. |
| Date |
April 24, 2022 |
| BID |
10214
|
| Credit |
James Bercegay |
| Title |
phpBugTracker Multiple Vulnerabilities
|
| Info |
phpBugTracker is meant to be a replacement for Bugzilla. Simplicity in use and installation, Use templates to achieve presentation independence, Use a database abstraction layer to achieve database independence. phpBugTracker is a portable and powerful web-based bug tracking system. It is vulnerable to several issues including XSS, SQL injection and Script Injection. These issues can be used to expose and alter database information. |
| Date |
April 14, 2022 |
| BID |
10153
|
| Credit |
James Bercegay |
| Title |
Multiple Vulnerabilities in TikiWiki CMS Groupware
|
| Info |
Tiki CMS/Groupware (aka TikiWiki) is a powerful open-source
Content Management System (CMS) and Groupware that can be
used to create all sorts of Web applications, Sites, Portals,
Intranets and Extranets. TikiWiki also works great as a Web-based
collaboration tool. TikiWiki is a multi-purpose package with a
lot of native options and sections that you can enable/disable
as you need them. It is designed to be international, clean and
extensible. TikiWiki incorporates all the features present in
several excellent wiki systems available today plus a lot of
new features and options, allowing your wiki application to be
whatever you want it to be--from a simple wiki to a complex site
for a whole user community with many intermediate steps. You can
use TikiWiki as a forums site, a chatroom, for poll taking, and
much more! There lies a number of vulnerabilities in TikiWiki
though. These vulnerabilities include SQL Injection, Directory
Traversal, Information Disclosre, Arbitrary File Upload, XSS,
Script Injection and more. |
| Date |
April 11, 2022 |
| BID |
10100
|
| Credit |
James Bercegay |
| Title |
PhotoPost PHP Pro Multiple Vulnerabilities
|
| Info |
PhotoPost PHP Pro is a photo gallery script that allows users to share, upload and manage their photos. PhotoPost also integrates seamlessly into a number of large name forum systems such as Invision Power Board, phpBB, vBulletin, and many more. It is prone to a number of security issues which allow for attack on not only the PhotoPost installation, but also the forum it is integrated into. These vulnerabilities include SQL Injection, XSS, Denial Of Service and Script Injection. Most of the issues seem to be resolved in 4.7 |
| Date |
March 28, 2022 |
| BID |
9994
|
| Credit |
James Bercegay |
| Title |
Invision Gallery SQL Injection Vulnerabilities
|
| Info |
Invision Gallery is a fully featured, powerful gallery system that
is easy and fun to use! It plugs right into your existing Invision
Power Board to create a seamless browsing experience for the users
of your forum. Unfortunately Invision Gallery comes up very short
in regards to user supplied input validation. Because of this an
attacker can influence queries, and even use these issues to launch
an attack against the IPB instalattion on which the gallery resides. |
| Date |
March 22, 2022 |
| BID |
9944
|
| Credit |
James Bercegay |
| Title |
Invision Power Top Site List SQL Injection Vulnerability
|
| Info |
Invision Power Top Site List is a flexible site ranking script written in PHP, the popular programming choice for web developers. Featuring an impressive feature set with a user-friendly interface your community will feel at home using the system. It is vulnerable to attack though through a fairly serious SQL Injection issue which may allow an attacker to query arbitrary information such as hashed admin credentials and more. |
| Date |
March 21, 2022 |
| BID |
9945
|
| Credit |
James Bercegay |
| Title |
phpBB 2.0.7a And Earlier Security Issues
|
| Info |
phpBB 2.0.7 and earlier have a number of security issues. One of
these issues is SQL Injection and Cross Site Scripting in the admin
panel. This is an issue that would take either admin access or a bit
of social engineering for an attacker to use. But there is a far more
serious problem in phpBB and that problem is lack of session
authentication in certain parts of phpBB. This could allow for a
malicious user to have an admin unknowingly execute undo-able actions
in both the admin panel and the forum itself. This issue also affects
users. Read this for more details. |
| Date |
March 20, 2022 |
| BID |
9942
|
| Credit |
James Bercegay |
| Title |
Mambo Open Source Multiple Vulnerabilities
|
| Info |
Mambo Open Source is the finest open source Web Content Management
System available today. Mambo Open Source makes communicating via
the Web easy. Have you always wanted to have your own site but never
understood how? Well Mambo Open Source is just the ticket! With Mambo
Open Source there is no need for HTML, XML or DHTML skills, just enter
your content, add a picture and then through the easy to use
administrator web-interface ...click Publish! Simple ... Quick ... And
easy! With the in-built editor Mambo Open Source allows you to design
and create your content without the need for HTML code. Maintaining a
website has never been easier. Mambo Open Source is vulnerable to
several attacks including cross site scripting as well as SQL Injection
vulnerabilities.
|
| Date |
March 16, 2022 |
| BID |
9890
9891
|
| Credit |
James Bercegay |
| Title |
Multiple JelSoft vBulletin XSS Vulnerabilities
|
| Info |
JelSoft vBulletin is a powerful, scalable and fully customisable
forums package for your web site. Based on the PHP language, and
backed with a MySQL back-end database. It is one of the most
popular forum systems in the world. It is also prone to several
XSS (Cross Site Scripting) issues which may allow an attacker to
disclose sensetive user information, and run code in the context
of a victims web browser. Check the JelSoft website for any updates
regarding this issue. |
| Date |
March 15, 2022 |
| BID |
9887
9888
9889
9940
9943
|
| Credit |
James Bercegay |
| Title |
Phorum 5.0.3 Beta And Earlier XSS Vulnerabilities
|
| Info |
Phorum is a popular web based message board written in PHP. Phorum is designed with high availability and visitor ease of use in mind. Features such as mailing list integration, easy customization and simple installation make Phorum a powerful add-in to any website. There are a number of XSS (Cross Site Scripting) issues in forum which may allow an attacker or malicious user to run code or script in the context of a users browser which could result in credential disclosure, and more.
|
| Date |
March 15, 2022 |
| BID |
9882
|
| Credit |
James Bercegay |
| Title |
phpBB 2.0.6d && Earlier Security Issues
|
| Info |
phpBB is a great forum system used by many millions of people. It is one of the more secure of the forum systems, but has a few issues still present; both of which allow for XSS (Cross Site Scripting). This problem presents itself in two different places. One of these places is viewtopic.php and the other is viewforum.php Shown are examples along with a brief explanation on how to replicate this issue. I have also released a fix, and will post official patch information as soon as it is made available. Thanks to the phpBB team for thier quick response! |
| Date |
March 12, 2022 |
| BID |
9865
9866
|
| Credit |
James Bercegay |
| Title |
Non Critical Invision Power Board Vulnerabilities
|
| Info |
This is being released in response to the "vulnerability" recently
discovered in Invision Power Board as seen here. We found a very
similar vulnerability at the end of last year while researching IPB,
but did not report it publicly as we did not see it as exploitable.
We recently contacted BugTraq about this but the message was never
published or rejected. Long story short you can find details of this
"vulnerability" within. Also in this post is a flaw we discovered
late last year that discloses the installation path in Invision Power
Board. Neither of these vulnerabilities are critical and webmasters
need not be alarmed. Upgrade is advised though as soon as a fix is
available. |
| Date |
March 02, 2022 |
| BID |
9810
|
| Credit |
James Bercegay |
| Title |
Possible Credential Exposure In Trillian Pro v2.01
|
| Info |
Trillian is a multinetwork chat client that currently
supports mIRC, AIM, ICQ, MSN, and Yahoo Messenger. It
supports docking, multiline edit boxes, buddy alerts,
multiple connections to the same medium, a powerful
skinning language, easy importing of your existing
contacts, skinnable emoticons, logging, global
away/invisible features, and a unified contact list.
It has a direct connection for AIM, support for user
profiles, complete type formatting, buddy icons, proxy
support, emotisounds, encrypted instant messaging to
ICQ and AIM, AIM group chats, and shell extensions for
file transfers. Unfortunately the automated email checking
feature in Trillian leaves behind user credintials in a
temporary file. To make matters worse these credentials are
stored in the temporary file in plaintext, and may be
accessed by other users on the host, or network depending
on user permissions.
|
| Date |
March 01, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Multiple Vulnerabilities In phpShop
|
| Info |
phpShop is a PHP-based e-commerce application and PHP development
framework. phpShop offers the basic features needed to run a
successful e-commerce web site and to extend its capabilities for
multiple purposes. phpShop uses a nice development framework that
allows web developers to easily extend its functionality through
the use of modules. Its web-box architecture makes it easy to
understand and work with, while providing powerful function management
capabilities for your web application needs. It is one of the most
popular php SQL driven e-commerce solutions available today. There are
several vulnerabilities present in phpShop. The vulnerabilities are
believed to affect all versions of phpShop currently distributed, and
include SQL Injection, Arbitrary Customer Information Disclosure, Cross
Site Scripting, and Script Injection. A fix for these vulnerabilities
should be available shortly. Please visit the official phpShop website
for more details as they are made available. |
| Date |
January 15, 2022 |
| BID |
9437
|
| Credit |
James Bercegay |
| Title |
Multiple Vulnerabilities In phpGedView
|
| Info |
The phpGedView project parses GEDCOM 5.5 genealogy files and displays
them on the Internet in a format similar to PAF. It is one of the top
10 most popular projects at SourceForge. However, in addition to the
vulnerabilities found by Vietnamese Security Group last week in
phpGedView, GulfTech Security Research has also found a number of
vulnerabilities which are now fixed in the latest beta release. These
issues include SQL injection vulnerabilities, path disclosure
vulnerabilities, cross site scriting vulnerabilities, and a denial
of service vulnerability. Users are strongly encouraged to upgrade. |
| Date |
January 13, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Multiple MetaDot Vulnerabilities Found
|
| Info |
MetaDot is a very popular Open Source portal application written in
Perl and powered by MySql. It's users range from home users to
the likes of governments, banks, universities and even NASA ;) It has
been found to be prone to SQL Injection, and XSS attacks due to not
properl validating the user supplied input that it receives. It also
divulges a great deal of information about it's host when calling
certain invalid arguments. These vulnerabilities are believed to
affect all versions including 5.6.5.4b5 and below. The MetaDot
Corporation team has addresses the issues in the latest version
though, and users are strongly encouraged to upgrade as soon as
possible. |
| Date |
January 12, 2022 |
| BID |
9439
|
| Credit |
James Bercegay |
| Title |
Vulnerabilities In PostNuke 0.726 Phoenix
|
| Info |
PostNuke is a popular Open Source CMS (Content Management
System) used by millions of people all across the world.
GulfTech Security Research has recendly found a couple of
vulnerabilities in the popular open source CMS (Content
Managment System) PostNuke. Versions affected are 0.726
Phoenix and though not confirmed older versions may be
affected as well. These vulnerabilities have been resolved
by the developers very promptly and a patch is available at
the official PostNuke website. The vulnerabilities discovered
are SQL Injection and Cross Site Scripting. More details of
the vulnerabilities available .
|
| Date |
January 03, 2022 |
| BID |
7047
|
| Credit |
James Bercegay |
| Title |
Multiple osCommerce Vulnerabilities
|
| Info |
GulfTech Security Research has found yet more vulnerabilities in the popular ecommerce product osCommerce. These vulnerabilities include SQL Injection, Denial Of Service, and Cross Site Scripting. While there has been several vulnerabilities found in this product by us lately, I would like to point out that these finds only make for a more secure product. I do think that the next release of osCommerce (MS3) will be one of the most secure ecommerce products around. The osCommerce development team have been prompt in resolving these issues. Anyway, check out the full detailed report inside and the osCommerce website for a fix :o) |
| Date |
December 22, 2021 |
| BID |
9275
9277
|
| Credit |
James Bercegay |
| Title |
Multiple vulnerabilities in ASPapp Products
|
| Info |
ASPapp offers a wide range of web applications written in .asp Amongst them is the fairly popular AspApp Portal. Several of these products have very weak security and can allow an attacker to completely take over an affected portal or site running the vulnerable software. The vulnerabilities include Script Injection, Account Hijacking, Privilege Escalation, Cross Site Scripting, and Plaintext Authentication Credentials. |
| Date |
December 18, 2021 |
| BID |
9250
|
| Credit |
James Bercegay |
|
back
1
2
3
- Next
|
Results per-page: 5 | 10 | 20 | 50
|
|
Results 21 - 40 of 58
|
Page 2 of 3
|
|
|
