Author Archive for KM Chow

Coppermine Photo Gallery YABBSE.INC.PHP Remote File Include Vulnerability

Application Affected:
Coppermine Photo Gallery 1.4
Coppermine Photo Gallery 1.3.4
Coppermine Photo Gallery 1.3.3
Coppermine Photo Gallery 1.3.2
Coppermine Photo Gallery 1.3.1

Vendor’s URL: CopperMine HomePage
Bug Type: Input Validation
Risk Level: Medium

Solution: The fix will be included in the newer version, Coppermine Photo Gallery 1.4.2.

WordPress PHP_Self Cross-Site Scripting Vulnerability

Application Affected:
WordPress 2.1.2
WordPress 2.1.1
WordPress 2.0.10
WordPress 2.0.7
WordPress 2.0.6
WordPress 2.0.5
WordPress 2.0.4
WordPress 2.0.3
WordPress 2.0.2
WordPress 2.0.1
WordPress 2.0
WordPress 2.2 Revision 5003
WordPress 2.2 Revision 5002
WordPress 2.1.3-RC1
WordPress 2.1
WordPress 2.0.10-RC1

Vendor’s URL: WordPress HomePage
Bug Type: Input Validation
Risk Level: Medium

Solution: The fix will be included in the newer version, WordPress 2.2.2.

Joomla Mod_Forum Component Remote File Inclusion

Application: Joomla/Mambo component, com_forum com_forum 0
Vendor’s URL: Joomla & Mambo
Bug Type: File Inclusion
Risk Level: High

Solution:
Best practice is for users to disable the component until an updated version of the component is available and deployed.

Wrapper.PHP for OsCommerce Local File Include Vulnerability

Application: OsCommerce 0
Vendor’s URL: http://www.oscommerce.com/
Bug Type: File Inclusion
Risk Level: High

Solution:
Users must upgrade or migrate to the latest version of OsCommerce.


About

K.M. Chow functions as a Senior System Engineer. He has been using Microsoft-based computers for a long time (since DOS 6.22) =) He is currently expanding his computer literacy in Linux and computer security. Like his peers, he can be contacted via the helpdesk.