|
|
Search
|
|
You can use the form below to search our site. Just enter the
keywords to search.
|
|
 |
|
Results 51 - 58 of 58
|
Page 2 of 2
|
|
back
1
2
|
Results per-page: 5 | 10 | 20 | 50
|
| Title |
QPC MegaBrowser Multiple Vulnerabilities
|
| Info |
QPC MegaBrowser is a webserver / FTP server in one.
Aimed at home users and small business who would like
to run their own FTP and HTTP servers. However it is
vulnerable to a directory traversal vulnerability
which allows access to any file on the system as well
as directory viewing of the root web directory. There
is also a user enumeration vulnerability in the FTP
server that allows an attacker to enumerate valid
usernames. |
| Date |
June 04, 2022 |
| BID |
7802
7803
|
| Credit |
James Bercegay |
| Title |
Vulns In Pablo Software Solutions FTP Service 1.2
|
| Info |
FTPService.exe is a service-version of Pablo's FTP Server. This service enables you to have the Pablo FTP server active even when you're not logged into Windows. By default this application is totally open to compromise, and also leaves the users machine open to attacks by allowing access to any file in the C drive. This can be prevented by changing privileges of, or disabling access to the anonymous account. The passwords for Pablo FTP Service are also stored in plaintext, which can definitely be a big threat if the default anonymous account is enabled.
|
| Date |
June 03, 2022 |
| BID |
7799
7801
|
| Credit |
James Bercegay |
| Title |
WinMX Plaintext Password Vulnerabilities
|
| Info |
WinMX 2.6 is an older version of the popular file
sharing client WinMX. While the current version is
3.31, 2.6 still remains quite popular. Especially
amongst users on private networks. I believe this
is largely due to the fact that 2.6 does not have
the option to output .wsx file (WinMX server list
files) This helps keep the addresses for private
OpenNap servers out of the hands of uninvited users
(amongst other reasons). The problems with WinMX 2.6
is that it provides pretty much NO password protection.
This can be exploited both locally and remotely. Again,
I think all of us have seen the bad habit that most
people have of using the same password for multiple
accounts etc etc. |
| Date |
June 02, 2022 |
| BID |
7771
|
| Credit |
James Bercegay |
| Title |
Vulnerabilities In P-Synch Password Management
|
| Info |
P-Synch is a total password management solution. It is intended to
reduce the cost of ownership of password systems, and simultaneously
improve the security of password protected systems. This is done
through: Password Synchronization. Enforcing an enterprise wide
password strength policy. Allowing authenticated users to reset their
own forgotten passwords and enable their locked out accounts.
Streamlining help desk call resolution for password resets. P-Synch is
available for both internal use, on the corporate Intranet, as well as
for the Internet deployment in B2B and B2C applications. There are a few
vulnerabilities in P-Synch such as path disclosure, cross site scripting,
and arbitrary file inclusion. Users should upgrade immediately. |
| Date |
May 30, 2022 |
| BID |
7740
7745
7747
|
| Credit |
James Bercegay |
| Title |
Invision Board Plaintext Password Vulnerability
|
| Info |
Invision Board has been stores restricted forum credentials as plain text
embedded in cookie data. These are the forums where you need a password to
get access into the forum. If the Invision Board admin 'pass protected'
option is activated for a specific forum, on attempted access to the
controlled area, the restricted forum password is stored as plaintext in a
local cookie. This is dangerous because if an attacker can steal the legit
users cookie via cross site scripting or some other method, then they can
gain access to the restricted forum(s). This vulnerability affects all
versions of Invision Power Board. Users should under no circumstances
disclose any sensitive or personal information on these "restricted" forums,
as they are not secure and prone to attack.
|
| Date |
April 25, 2022 |
| BID |
7440
|
| Credit |
James Bercegay |
| Title |
JpegX Password Bypass Vulnerability
|
| Info |
Jpegx is a modern day application of steganography. It will
encrypt and hide messages in jpeg files to provide ample medium
for sending secure information. The images remain visually
unchanged but the code inside is altered to hide your message.
Anyone with the Jpegx program could read your message as long
as they know the password that you encrypted it with. There lies
a vulnerability that allows the password feature to be pretty
much useless, as it will accept any password. Users should upgrade
immediately. |
| Date |
April 20, 2022 |
| BID |
7298
|
| Credit |
James Bercegay |
| Title |
Multiple Vulnerabilities In PHP Links
|
| Info |
phpLinks is an open source free PHP script. phpLinks
allows you to run a very powerful link farm or search
engine. phpLinks has multilevel site categorization,
infinite threaded search capabilities and more. phpLinks
is prone to HTML injection due to a vulnerability in
the search feature. Search queries are not sufficiently
sanitized of HTML and script code. These search queries
may potentially be displayed to other users when the
most popular searches are viewed. If an attacker
includes malicious HTML or script code in these queries,
it is possible that the attacker-supplied code may be
rendered in the web client software of other users. This
is just one of several code injection issues in phpLinks. |
| Date |
January 17, 2022 |
| BID |
6632
6633
|
| Credit |
James Bercegay |
| Title |
Vulnerabilities In PHP Topsites
|
| Info |
PHP TopSites is a PHP/MySQL-based customizable TopList script.
Main features include: Easy configuration config file; MySQL
database backend; unlimited categories, Site rating on incoming
votes; Special Rating from Webmaster; anti-cheating gateway;
Random link; Lost password function; Webmaster Site-approval;
Edit site; ProcessingTime display; Cookies Anti-Cheating; Site
Reviews; Linux Cron Free; Frame Protection and much more. We
have discovered this application has several vulnerabilities.
These vulnerabilities include, but are not limited to: Cross
Site Scripting vulnerabilities, SQL Injection, Script Injection,
and Plaintext password weakness. Users are advised to upgrade
immediately. The most recent version of iTop PHP Topsites can
be found at thier official website. |
| Date |
January 13, 2022 |
| BID |
6621
6622
6623
6625
|
| Credit |
James Bercegay |
|
back
1
2
|
Results per-page: 5 | 10 | 20 | 50
|
|
Results 51 - 58 of 58
|
Page 2 of 2
|
|
|
|
|
|
