|
|
Search
|
|
You can use the form below to search our site. Just enter the
keywords to search.
|
|
 |
| Title |
Phorum 5.0.3 Beta And Earlier XSS Vulnerabilities
|
| Info |
Phorum is a popular web based message board written in PHP. Phorum is designed with high availability and visitor ease of use in mind. Features such as mailing list integration, easy customization and simple installation make Phorum a powerful add-in to any website. There are a number of XSS (Cross Site Scripting) issues in forum which may allow an attacker or malicious user to run code or script in the context of a users browser which could result in credential disclosure, and more.
|
| Date |
March 15, 2022 |
| BID |
9882
|
| Credit |
James Bercegay |
| Title |
phpBB 2.0.6d && Earlier Security Issues
|
| Info |
phpBB is a great forum system used by many millions of people. It is one of the more secure of the forum systems, but has a few issues still present; both of which allow for XSS (Cross Site Scripting). This problem presents itself in two different places. One of these places is viewtopic.php and the other is viewforum.php Shown are examples along with a brief explanation on how to replicate this issue. I have also released a fix, and will post official patch information as soon as it is made available. Thanks to the phpBB team for thier quick response! |
| Date |
March 12, 2022 |
| BID |
9865
9866
|
| Credit |
James Bercegay |
| Title |
Non Critical Invision Power Board Vulnerabilities
|
| Info |
This is being released in response to the "vulnerability" recently
discovered in Invision Power Board as seen here. We found a very
similar vulnerability at the end of last year while researching IPB,
but did not report it publicly as we did not see it as exploitable.
We recently contacted BugTraq about this but the message was never
published or rejected. Long story short you can find details of this
"vulnerability" within. Also in this post is a flaw we discovered
late last year that discloses the installation path in Invision Power
Board. Neither of these vulnerabilities are critical and webmasters
need not be alarmed. Upgrade is advised though as soon as a fix is
available. |
| Date |
March 02, 2022 |
| BID |
9810
|
| Credit |
James Bercegay |
| Title |
Possible Credential Exposure In Trillian Pro v2.01
|
| Info |
Trillian is a multinetwork chat client that currently
supports mIRC, AIM, ICQ, MSN, and Yahoo Messenger. It
supports docking, multiline edit boxes, buddy alerts,
multiple connections to the same medium, a powerful
skinning language, easy importing of your existing
contacts, skinnable emoticons, logging, global
away/invisible features, and a unified contact list.
It has a direct connection for AIM, support for user
profiles, complete type formatting, buddy icons, proxy
support, emotisounds, encrypted instant messaging to
ICQ and AIM, AIM group chats, and shell extensions for
file transfers. Unfortunately the automated email checking
feature in Trillian leaves behind user credintials in a
temporary file. To make matters worse these credentials are
stored in the temporary file in plaintext, and may be
accessed by other users on the host, or network depending
on user permissions.
|
| Date |
March 01, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Multiple Vulnerabilities In phpShop
|
| Info |
phpShop is a PHP-based e-commerce application and PHP development
framework. phpShop offers the basic features needed to run a
successful e-commerce web site and to extend its capabilities for
multiple purposes. phpShop uses a nice development framework that
allows web developers to easily extend its functionality through
the use of modules. Its web-box architecture makes it easy to
understand and work with, while providing powerful function management
capabilities for your web application needs. It is one of the most
popular php SQL driven e-commerce solutions available today. There are
several vulnerabilities present in phpShop. The vulnerabilities are
believed to affect all versions of phpShop currently distributed, and
include SQL Injection, Arbitrary Customer Information Disclosure, Cross
Site Scripting, and Script Injection. A fix for these vulnerabilities
should be available shortly. Please visit the official phpShop website
for more details as they are made available. |
| Date |
January 15, 2022 |
| BID |
9437
|
| Credit |
James Bercegay |
|
|
|
|
|
