Archive for the ‘Vulnerabilities’ Category

Vulnerability: AWBS magic_quotes_gpc “Off” SQL Injection and XSS

Posted on June 10, 2007, 9:01 am, by justin, under Vulnerabilities.

Advisory: AWBS magic_quotes_gpc “Off” SQL Injection and XSS Vulnerabilities Release Date: 2007-06-10 Last Modified: 2007-07-26 Author: Justin Samuel [http://www.justinsamuel.com] Application: AWBS < 2.6.0 Severity: Highly Critical Impact: Disclosure of sensitive information Cross site scripting Vendor Status: Vendor released version 2.6.0 to address issue. Testing still needed to verify that issue is corrected. Vendor: Total Online [...]

Tags: , ,
No Comments | Read the rest of this entry »

Vulnerability: AWBS Dedicated Server Info Visible to All Users

Posted on June 10, 2007, 9:00 am, by justin, under Vulnerabilities.

Advisory: AWBS Dedicated Server Info Visible to All Users Release Date: 2007-06-10 Last Modified: 2007-07-26 Author: Justin Samuel [http://www.justinsamuel.com] Application: AWBS < 2.6.0 Severity: Less Critical Impact: Disclosure of sensitive information Vendor Status: Vendor released version 2.6.0 to address issue. Testing still needed to verify that issue is corrected. Vendor: Total Online Solutions, Inc. App. [...]

Tags: ,
No Comments | Read the rest of this entry »

Vulnerability: ModernBill Insecure CURL Settings

Posted on July 11, 2006, 12:48 pm, by justin, under Vulnerabilities.

################################################################# Vulnerability discovered by: Justin Samuel (www.justinsamuel.com) Discovery Date: 2006-07-11 Severity: Less Critical Impact: Exposure of sensitive information Product: ModernBill Affected Versions: 5.0.1 Vendor: ModernGigabyte, LLC (www.moderngigabyte.com) Product Link: http://www.modernbill.com/ #################################################################

No Comments | Read the rest of this entry »