Thursday September 9, 2010
Results 1 - 10 of 125 Page 1 of 13
Title WebSVN <= 2.0 Multiple Vulnerabilities
Info WebSVN is an online SVN repository viewer. The description taken from the project website reads "WebSVN offers a view onto your subversion repositories that's been designed to reflect the Subversion methodology. You can view the log of any file or directory and see a list of all the files changed, added or deleted in any given revision. You can also view the differences between 2 versions of a file so as to see exactly what was changed in a particular revision." Unfortunately there are several issues in WebSVN that may allow an attacker to conduct cross site scripting attacks and to create arbitrary files. There is also a code execution issue in the v1 branch.
Date October 20, 2008
BID Not Available  
Credit James Bercegay
Title AEF Forum <= 1.0.6 Remote Code Execution
Info Advanced Electron Forum also known as AEF Forum is a full featured online forum system written in php that allows webmasters and site owners to host their own discussion forums within their website. The Advanced Electron Forum software comes bundled with the popular MKPortal package, but is also available as a free stand alone forum. Unfortunately there are multiple remote code execution issues within AEF that allow for an attacker to execute arbitrary php code with privileges of the affected webserver. This is due to the improper handling of evaluated bbcode within AEF Forum. Users should upgrade their forums as soon as possible.
Date September 20, 2008
BID Not Available  
Credit James Bercegay
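The AEF entry above attributes the code execution to "improper handling of evaluated bbcode", the class of bug where rendered markup is spliced into PHP source that is then passed to eval(). The following is an added illustration of that class in PHP and is not AEF's code: the function names, the bbcode subset and the sample post are all constructed for the example. The unsafe renderer builds a double-quoted PHP string from the post so that placeholders expand; a quote in the post closes that string and the remainder runs as PHP. The hardened renderer escapes the post first and applies bbcode with preg_replace_callback, so no generated source is ever evaluated.

```php
<?php
// Added example of the "evaluated bbcode" bug class. Hypothetical code, not
// taken from AEF Forum or any other product on this page.

function render_bbcode_unsafe(string $post): string
{
    $template = preg_replace('/\[b\](.*?)\[\/b\]/s', '<b>$1</b>', $post);
    // Bug: the rendered template is spliced into PHP source (so that {$var}
    // placeholders expand). A post containing  "; <php>; //  closes the
    // double-quoted string and the rest is executed by eval().
    eval('$out = "' . $template . '";');
    return $out;
}

function render_bbcode_safe(string $post): string
{
    // Escape first, so anything in the user's text is inert in HTML, then
    // apply the markup with a callback. No source code is generated or run.
    $escaped = htmlspecialchars($post, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return preg_replace_callback(
        '/\[b\](.*?)\[\/b\]/s',
        fn(array $m): string => '<b>' . $m[1] . '</b>',
        $escaped
    );
}

// Constructed sample post: valid bbcode followed by a string-breaking tail.
$payload = '[b]hi[/b]"; $out = "code ran as PHP " . PHP_VERSION; //';

echo render_bbcode_unsafe($payload), "\n"; // injected statement executes
echo render_bbcode_safe($payload), "\n";   // tail is rendered as inert text
```

The same flaw appeared in older PHP code through the preg_replace /e modifier, which evaluated the replacement string as PHP after substituting the captured groups; that modifier was removed in PHP 7, and preg_replace_callback is the replacement in both cases.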
Title UBB.threads <= 7.3.1 SQL Injection
Info UBB.threads is a popular online forum system written in php that allows webmasters and site owners to host their own discussion forums within their website. Unfortunately UBB.threads is vulnerable to an SQL Injection in its search functionality that may allow for an attacker to execute arbitrary SQL queries on the underlying database. An updated version of UBB.threads has been released to address this issue and users should upgrade as soon as possible.
Date September 8, 2008
BID Not Available  
Credit James Bercegay
Title Zen Cart <= 1.3.8a SQL Injection
Info Zen Cart is a full featured open source ecommerce web application written in php that allows users to build, run and promote their own online store. Unfortunately there are multiple SQL Injection issues in Zen Cart that may allow an attacker to execute arbitrary SQL queries on the underlying database. This may allow for an attacker to gather username and password information, among other things. An updated version of Zen Cart has been released to address these issues and users are encouraged to upgrade as soon as possible.
Date September 4, 2008
BID Not Available  
Credit James Bercegay
Title CS-Cart <= 1.3.5 SQL Injection
Info CS-Cart is a full featured online ecommerce application written in php that allows users to build, run and promote an online store. There is unfortunately a fairly serious SQL Injection issue within CS-Cart that can be used to easily take over user and administrator accounts, as well as to retrieve arbitrary data from the database. The CS-Cart team have released an updated version of CS-Cart to resolve this issue, and users should upgrade as soon as possible.
Date September 2, 2008
BID Not Available  
Credit James Bercegay
Title Crafty Syntax Live Help <= 2.14.6 SQL Injection
Info Crafty Syntax Live Help is a full featured, open source, online support system written in php that allows the visitors of a website to interact in real time with the site owners. There are a couple of high risk SQL Injections in Crafty Syntax Live Help that allow an attacker to read arbitrary database contents such as user credentials or administrator credentials. An updated version of Crafty Syntax Live Help is now available and users should upgrade as soon as possible.
Date August 25, 2008
BID Not Available  
Credit James Bercegay
Title Vanilla <= 1.1.4 Input Validation Vulnerabilities
Info Vanilla is an open-source, standards-compliant, multi-lingual, fully extensible web based discussion forum. Unfortunately there are a couple of issues within Vanilla that allow for a malicious user to steal client based credentials such as cookies. These issues include both script injection and cross site scripting. An updated version of Vanilla has been released and users should upgrade their Vanilla installation as soon as possible.
Date August 19, 2008
BID Not Available  
Credit James Bercegay
Title SunShop <= 4.1.4 SQL Injection
Info SunShop shopping cart is a full featured ecommerce solution written in php that allows for web masters to run their own online ecommerce operation. Unfortunately there are a number of SQL Injection issues in SunShop that allow for an attacker to have arbitrary access to the SunShop database where they can access information such as customer and administrator details. An updated version of SunShop has been released to address these issues, and users should upgrade soon.
Date August 18, 2008
BID Not Available  
Credit James Bercegay
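The UBB.threads, Zen Cart, CS-Cart, Crafty Syntax Live Help and SunShop entries above all describe the same class of bug: a request parameter concatenated into SQL text, which the advisories note is enough to read user and administrator credentials from other tables. The following is an added example of that class and of its fix, written for this page and not taken from any of those products. It uses an in-memory SQLite database through PDO (assumes the pdo_sqlite extension); the table names, rows and search term are constructed for the example. The unsafe search splices the term into a LIKE literal, so a term that closes the quote can append a UNION over the users table; the safe search binds the term as a parameter and escapes LIKE wildcards so the user cannot widen the match either.

```php
<?php
// Added example of the search-form SQL injection class. Hypothetical schema and
// data; not the code of UBB.threads, Zen Cart, CS-Cart, Crafty Syntax or SunShop.

function build_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (subject TEXT, body TEXT)');
    $db->exec('CREATE TABLE users (username TEXT, password TEXT)');
    // Constructed sample rows.
    $db->exec("INSERT INTO posts VALUES ('Welcome', 'First post'), ('Help wanted', 'Need a hand')");
    $db->exec("INSERT INTO users VALUES ('admin', 'admin-hash'), ('alice', 'alice-hash')");
    return $db;
}

function search_unsafe(PDO $db, string $term): array
{
    // Bug: the term becomes part of the SQL text. A single quote in it ends
    // the LIKE literal and everything after it is parsed as SQL.
    $sql = "SELECT subject, body FROM posts WHERE subject LIKE '%" . $term . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_NUM);
}

function search_safe(PDO $db, string $term): array
{
    // The term is sent as a bound parameter, never as SQL text. Backslash, %
    // and _ are escaped so they are matched literally rather than as wildcards.
    $pattern = '%' . addcslashes($term, '\\%_') . '%';
    $stmt = $db->prepare("SELECT subject, body FROM posts WHERE subject LIKE :pat ESCAPE '\\'");
    $stmt->execute([':pat' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

$db = build_db();

// Constructed search term: closes the literal, appends a two-column UNION over
// the users table, and comments out the trailing %' of the original query.
$payload = "%' UNION SELECT username, password FROM users -- ";

print_r(search_unsafe($db, $payload)); // every post row followed by every users row
print_r(search_safe($db, $payload));   // empty: no subject contains that text
print_r(search_safe($db, 'help'));     // [['Help wanted', 'Need a hand']]
```

The column count of the injected SELECT has to match the original query's, which is why the sample term selects exactly two columns; the same approach lifts arbitrary rows from whichever tables the application's database user can read, which is what the advisories mean by access to user and administrator details.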
Title PHP Live Helper Multiple Vulnerabilities
Info PHP Live Helper is an online support system written in php that allows the visitors of a website to interact in real time with the site owners. There are a number of issues in PHP Live Helper that allow for several different attacks such as SQL Injection, Variable Overwriting, and remote code execution. The issues require no authentication to exploit, and users are encouraged to upgrade as soon as possible.
Date August 16, 2008
BID Not Available  
Credit James Bercegay
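The PHP Live Helper entry lists "Variable Overwriting" among its issues. In PHP applications of this era that usually meant request parameters being turned into script variables wholesale, either by register_globals or by a call such as extract() over a request array, so that an attacker could override a variable the script had already set, such as an authorization flag or an include path. The following added example shows that class and its fix; it is hypothetical code written for this page, not PHP Live Helper's, and the request array, variable names and expected parameter are constructed. Because it takes the request as a plain array it runs from the command line without a web server.

```php
<?php
// Added example of the variable overwriting bug class. Hypothetical code, not
// taken from PHP Live Helper or any other product on this page.

function handle_request_unsafe(array $request): string
{
    $is_admin = false;            // in real code this would come from the session
    $template_dir = 'templates/';
    // Bug: every key of the request becomes a local variable and, with the
    // default EXTR_OVERWRITE, replaces the values set above. register_globals
    // produced the same effect for the whole script without any call at all.
    extract($request);
    $view = $is_admin ? 'admin' : 'user';
    return "$view view from $template_dir";
}

function handle_request_safe(array $request): string
{
    $is_admin = false;
    $template_dir = 'templates/';
    // Read only the parameters this page expects, by name, and validate them.
    // Unknown keys are ignored, so $is_admin and $template_dir cannot be touched.
    $page = 'index';
    if (isset($request['page']) && preg_match('/^[a-z0-9_]+$/', $request['page'])) {
        $page = $request['page'];
    }
    $view = $is_admin ? 'admin' : 'user';
    return "$view view of $page from $template_dir";
}

// Constructed request: the expected 'page' parameter plus two keys that collide
// with the script's own variables.
$request = [
    'page'         => 'index',
    'is_admin'     => '1',
    'template_dir' => '../../tmp/',
];

echo handle_request_unsafe($request), "\n"; // admin view from ../../tmp/
echo handle_request_safe($request), "\n";   // user view of index from templates/
```

The check that matters in a review is the order of operations: any extract(), import_request_variables() or $$key assignment that runs after the script has set its own state lets the request win, regardless of how carefully those earlier values were computed.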
Title Kayako SupportSuite <= 3.20.02 Multiple Vulnerabilities
Info Kayako SupportSuite is a very popular online eSupport application that consists of several well known Kayako products such as Kayako LiveResponse and Kayako eSupport. Unfortunately there are several security issues in Kayako SupportSuite that may allow for an attacker to gain access to a staff account and then escalate their privileges to administrator. These issues include Cross Site Scripting, Script Injection, and SQL Injection. All of these issues are resolved in Kayako SupportSuite 3.30 and users should upgrade as soon as possible.
Date August 9, 2008
BID Not Available  
Credit James Bercegay