Advisory: AWBS magic_quotes_gpc “Off” SQL Injection and XSS Vulnerabilities
Release Date: 2007-06-10
Last Modified: 2007-07-26
Author: Justin Samuel [http://www.justinsamuel.com]
Application: AWBS < 2.6.0
Severity: Highly Critical
Impact: Disclosure of sensitive information; Cross site scripting
Vendor Status: Vendor released version 2.6.0 to address issue. Testing still needed to verify that issue is corrected.
Vendor: Total Online Solutions, Inc.
App. Website: http://www.awbs.com/
References: http://www.justinsamuel.com/2007/06/10/awbs-magic_quotes_gpc-off-sql-injection-and-xss-vulnerabilities/
--------------------------------------------------------------------------
Description:
Advanced Webhost Billing System (AWBS) contains multiple SQL injection and XSS
vulnerabilities due to a lack of user input validation.
Advisory: AWBS Dedicated Server Info Visible to All Users
Release Date: 2007-06-10
Last Modified: 2007-07-26
Author: Justin Samuel [http://www.justinsamuel.com]
Application: AWBS < 2.6.0
Severity: Less Critical
Impact: Disclosure of sensitive information
Vendor Status: Vendor released version 2.6.0 to address issue. Testing still needed to verify that issue is corrected.
Vendor: Total Online Solutions, Inc.
App. Website: http://www.awbs.com/
References: http://www.justinsamuel.com/2007/06/10/awbs-dedicated-server-info-visible-to-all-users-vulnerability/
--------------------------------------------------------------------------
Description:
Advanced Webhost Billing System (AWBS) allows any user access to the details of
all dedicated servers sold through AWBS.
#################################################################
Vulnerability discovered by: Justin Samuel (www.justinsamuel.com)
Discovery Date: 2006-07-11
Severity: Less Critical
Impact: Exposure of sensitive information
Product: ModernBill
Affected Versions: 5.0.1
Vendor: ModernGigabyte, LLC (www.moderngigabyte.com)
Product Link: http://www.modernbill.com/
#################################################################
Continue reading ‘Vulnerability: ModernBill Insecure CURL Settings’