Security Information and Review

Collection of security information and review

Archive for November, 2009

CubeCart SQL Injection Vulnerability

Author : Admin

The latest vulnerability has been reported in CubeCart. With this vulnerability, an attacker can exploit CubeCart to manipulate and inject SQL queries. The vulnerability is caused by an input validation error in “includes/content/viewProd.inc.php” when processing the productId parameter. The issue would not occur if input passed to the productId parameter were properly sanitized before being used in SQL queries. The vulnerability was reported by sangteamtham and is confirmed in version 4.3.6; prior versions may also be affected. …

20 November 2009 at 06:58

DOS Vulnerability in Home FTP Server

Author : Admin

Home FTP Server is an FTP server program that allows us to share any files directly from our PC. With this program, we can build and implement an FTP server easily. Home FTP Server has web-based administration support, so we can manage, monitor and add users very easily. Home FTP Server supports implicit or explicit Transport Layer Security (TLS), virtual directories and banned IP addresses. Home FTP Server has all the features that even some of the commercial FTP servers have, but it is free without any limitations and very efficient.

On November 16, 2009, a vulnerability was discovered …

18 November 2009 at 15:58

WordPress 2.8.5 XSS and File Upload Vulnerability

Author : Admin

The latest vulnerability was discovered in WordPress v2.8.5: an XSS (cross-site scripting) and file upload vulnerability. These security issues in WordPress can be exploited by an attacker with malicious code to conduct script insertion attacks and compromise a vulnerable system.

The first vulnerability is caused by input that is not properly sanitized before being displayed to the user. …

15 November 2009 at 23:50

The Latest Linksys WAP4400N Vulnerability

Author : Admin

Linksys WAP4400N uses the draft version of the upcoming 802.11n standard, with a claimed data transfer rate of 300 Mbps. This access point is full-featured: it supports the HTTP/HTTPS protocols and SNMP v1, SNMP v2c or SNMP v3, and works at a frequency of 2.4 GHz. Other features of this device include DHCP support, load balancing, syslog, MAC filtering and others, as well as support for WPA, WPA2, WPA-PSK, and the 64-bit WEP and 128-bit WEP algorithms. More details about this product are available at the Cisco / Linksys web site.

The latest Linksys WAP4400N vulnerability was discovered. …

15 November 2009 at 23:13