Real Name | James Bercegay |
---|---|
Email address | private |
Website | www.gulftech.org |
First Active | 2003-12-23 |
Last Active | 2019-09-23 |
SquirrelMail versions 1.4.5-RC1 and below suffer from a variable overwriting flaw that can lead to further security issues.
dd93dad744255baae13b5e7d772f48087ad64980f12a51f292bbf9ebbc089175
Sitepanel2 versions 2.6.1 and below suffer from cross site scripting, directory traversal, and various file manipulation flaws.
bf1bec8fd01bb8241debc401e8eb81f226ce350eea7f6f5ab751654f1137bcfb
osTicket is susceptible to SQL injection vulnerabilities. All versions are affected.
342e3812e317e1b0abd7304b7bd758488e158450bc02ecdbc5034c31a27f2569
PHPXMLRPC is vulnerable to a very high risk remote PHP code execution vulnerability that may allow an attacker to compromise a vulnerable webserver. The vulnerability is the result of unsanitized data being passed directly into an eval() call in the parseRequest() function of the XMLRPC server. Versions 1.1 and below are affected.
d532a52f4c4eceb2ed9ed85e0b453c9a1a6711801fbca08c4ff753d2696e5281
PEAR XML_RPC is vulnerable to a very high risk PHP code injection vulnerability due to unsanitized data being passed into an eval() call. Versions 1.3.0 and below are affected.
3793d7664e029e03c9787f198abb53e4415460735b9d7326c818daf85564aa6a
XOOPS versions 2.0.11 and below suffer from cross site scripting and SQL injection vulnerabilities.
995347caf747d52dca1138bd2c3907d98055ceab0134658d7840bc799b717b16
WordPress 1.5.1.2 XMLRPC Interface SQL injection exploit that allows for remote command execution.
0d2c48cea2bf0d696287eeafda65fcc517d602730a6e2070cae0a4bee4becbb2
WordPress versions 1.5.1.2 and below suffer from cross site scripting and SQL injection flaws.
0d9676599c50adec9da70f3ea1503329707c8994a189703f19cc5e715513bc65
UBB Threads versions 6.5.2 Beta and below are susceptible to cross site scripting, SQL injection, HTTP response splitting, and local file inclusion vulnerabilities.
03bac2769a62f36cb6fdc9f020883c7bde95626e6a76311cdfd26304409ccfb2
phpBB suffers from SQL injection vulnerabilities.
ca458f33b9f3016fe72402ab33dfbbd57fcb02856066cf26233223b8394b26ef
Proof of concept exploit for paFaq version 1.0 Beta 4 that adds an administrator.
14d1fab8be7b49e5b3ddba7f95173d88d0bae71b6edfda345710df0777ec61e5
paFaq version 1.0 Beta 4 suffers from SQL injection and remote command execution vulnerabilities.
857e5523c32704ae5bef2804a3ddd90ad4b5070e6bc0a0ccbcfafb8a75be050f
paFileDB versions 3.1 and below suffer from multiple cross site scripting, SQL injection, and local file inclusion vulnerabilities.
0427960de653354efd8c4d33d81c78d90121dc6b3653b5afe2097495b775a352
FusionBB versions .11 Beta and earlier suffer from local file inclusion and SQL injection flaws.
24550f3df2baa0ef6d78a486eea8df52ca8d90111ec586881b6e272f2e6bfd8d
osCommerce versions 2.2-MS2 and below suffer from an HTTP response splitting vulnerability.
531b316f510afad812574cbcce1b9e82817e91becc82a9c728033ba7b98c441f
Invision Gallery versions prior to 1.3.1 suffer from cross site scripting and SQL injection vulnerabilities. Exploitation details included.
cab84da4a86eb75dd0850fa421865bc4a8a258f54008812d358752470a8235fa
Invision Blog versions prior to 1.1.2 Final suffer from cross site scripting and SQL injection vulnerabilities. Exploitation details provided.
7bef5c8eac4a95a9f16a59d1af902a88074e0c7960573fa8242abdbee636e191
eGroupWare versions below 1.0.0.007 suffer from multiple cross site scripting and SQL injection vulnerabilities.
17b0c9fae94df3b9ba7e1a7b70639e656620493755d4ff5de56650d241cc96c8
AZBB versions 1.0.07d and below suffer from arbitrary file deletion and enumeration flaws.
6306c8d12777015f47460895fa5507cfd12177435797106e750bf523bbff3697
ModernBill versions 4.3.0 and below suffer from file inclusion and cross site scripting vulnerabilities.
8172830d3e3f3a1b826acf07ac2c2a7b87cbce06b47b5f36cc43a041ac135017
Double Choco Latte versions 0.9.4.3 and below are vulnerable to remote code execution due to unsafe eval() calls.
a6f3c4c7579830d982c789e45c0e507f819449ebd4898caf751de5bfd0a96616
phpCoin versions 1.2.1b and below contain a file inclusion vulnerability and three SQL injection vulnerabilities.
d6579531282b1a8088e4d5550da01401eba64f0a8ff0d86e00542107fdeb91a9
Kayako eSupport version 2.3 is susceptible to multiple cross site scripting attacks.
433bd9398ed07d24408452d9263c4e07d0a1558eff3bb4650a7e42616ed4146e
GulfTech Security Research - PhotoPost PHP versions 4.8.6 and below suffer from cross site scripting and SQL injection flaws. Sample exploitation given.
9164a527e96037d4f91e6259533d1963896e29011c65db9f5aa50c5115976686
GulfTech Security Research - ReviewPost PHP Pro versions below 2.84 suffer from cross site scripting and SQL injection attacks. Sample exploitation given.
1685976453b7ca1ae8a01d59a18c0a465312052235bf84006810e857c2489436