|
|
Search
|
|
You can use the form below to search our site. Just enter the
keywords to search.
|
|
 |
| Title |
QPC MegaBrowser Multiple Vulnerabilities
|
| Info |
QPC MegaBrowser is a webserver / FTP server in one.
Aimed at home users and small business who would like
to run their own FTP and HTTP servers. However it is
vulnerable to a directory traversal vulnerability
which allows access to any file on the system as well
as directory viewing of the root web directory. There
is also a user enumeration vulnerability in the FTP
server that allows an attacker to enumerate valid
usernames. |
| Date |
June 04, 2022 |
| BID |
7802
7803
|
| Credit |
James Bercegay |
| Title |
Vulns In Pablo Software Solutions FTP Service 1.2
|
| Info |
FTPService.exe is a service-version of Pablo's FTP Server. This service enables you to have the Pablo FTP server active even when you're not logged into Windows. By default this application is totally open to compromise, and also leaves the users machine open to attacks by allowing access to any file in the C drive. This can be prevented by changing privileges of, or disabling access to the anonymous account. The passwords for Pablo FTP Service are also stored in plaintext, which can definitely be a big threat if the default anonymous account is enabled.
|
| Date |
June 03, 2022 |
| BID |
7799
7801
|
| Credit |
James Bercegay |
| Title |
WinMX Plaintext Password Vulnerabilities
|
| Info |
WinMX 2.6 is an older version of the popular file
sharing client WinMX. While the current version is
3.31, 2.6 still remains quite popular. Especially
amongst users on private networks. I believe this
is largely due to the fact that 2.6 does not have
the option to output .wsx file (WinMX server list
files) This helps keep the addresses for private
OpenNap servers out of the hands of uninvited users
(amongst other reasons). The problems with WinMX 2.6
is that it provides pretty much NO password protection.
This can be exploited both locally and remotely. Again,
I think all of us have seen the bad habit that most
people have of using the same password for multiple
accounts etc etc. |
| Date |
June 02, 2022 |
| BID |
7771
|
| Credit |
James Bercegay |
| Title |
Vulnerabilities In P-Synch Password Management
|
| Info |
P-Synch is a total password management solution. It is intended to
reduce the cost of ownership of password systems, and simultaneously
improve the security of password protected systems. This is done
through: Password Synchronization. Enforcing an enterprise wide
password strength policy. Allowing authenticated users to reset their
own forgotten passwords and enable their locked out accounts.
Streamlining help desk call resolution for password resets. P-Synch is
available for both internal use, on the corporate Intranet, as well as
for the Internet deployment in B2B and B2C applications. There are a few
vulnerabilities in P-Synch such as path disclosure, cross site scripting,
and arbitrary file inclusion. Users should upgrade immediately. |
| Date |
May 30, 2022 |
| BID |
7740
7745
7747
|
| Credit |
James Bercegay |
| Title |
Invision Board Plaintext Password Vulnerability
|
| Info |
Invision Board has been stores restricted forum credentials as plain text
embedded in cookie data. These are the forums where you need a password to
get access into the forum. If the Invision Board admin 'pass protected'
option is activated for a specific forum, on attempted access to the
controlled area, the restricted forum password is stored as plaintext in a
local cookie. This is dangerous because if an attacker can steal the legit
users cookie via cross site scripting or some other method, then they can
gain access to the restricted forum(s). This vulnerability affects all
versions of Invision Power Board. Users should under no circumstances
disclose any sensitive or personal information on these "restricted" forums,
as they are not secure and prone to attack.
|
| Date |
April 25, 2022 |
| BID |
7440
|
| Credit |
James Bercegay |
|
|
|
|
|
