SOURCE: ScanAlert

February 07, 2007 09:25 ET

HACKER SAFE Labs Announces Five Zero Day Web Application Vulnerabilities

Vulnerabilities Plaguing Web Applications Are Common Targets for Hackers

NAPA, CA -- (MARKET WIRE) -- February 7, 2007 -- A week after its unveiling, HACKER SAFE Labs announced today the discovery of five security risks affecting a variety of common ecommerce software, ranging from content management to CRM applications. These Server Side Include flaws in open source applications can, in some cases, lead to complete control of the compromised system.

"These five are the first in what will be on-going contributions to the IT security and vendor communities," said ScanAlert Vice President of Security Services Brett Oliphant, who directs HACKER SAFE Labs. "We look forward to acting as an active and responsible security researcher, as well as using discoveries such as these to continually refine our HACKER SAFE technology."

HACKER SAFE Labs conducts proprietary research to uncover new vulnerabilities and publishes its findings as security advisories. Below are the affected products, their product types, and the severity of each vulnerability:

Product               Product Type                                                       Severity
--------------------  -----------------------------------------------------------------  --------
Blueshoes 4.5         Application framework and content management system                High
BROWSERCRM 4.615.11   Web-based CRM                                                      High
PGOSD                 Object generator                                                   Medium
PHP-CSL               PHP Code Snippet Library (stores favorite code snippets,           High
                      functions and classes)
PHP List              Newsletter manager                                                 High
--------------------  -----------------------------------------------------------------  --------

Each vulnerability could allow an attacker to load and execute code on the targeted server. After validating the vulnerabilities, HACKER SAFE Labs personnel reported them to the respective vendors so that fixes and remediation guidance could be issued. ScanAlert also updated its HACKER SAFE technology to protect its customers from possible exploitation of these security risks.

Vulnerability Disclosure Policy

ScanAlert's disclosure policy is designed to educate vendors about problems relating to their product(s), inform ScanAlert clients about the problem and possible mitigation strategies, and finally inform the public at large about the problem and mitigation options. ScanAlert believes that it is in the best interest of the security community when the vendor participates in the disclosure process and has sufficient time to respond effectively. After giving vendors ample opportunity to make changes that prevent exploitation in future releases, ScanAlert formally and publicly releases security advisories on its website and on various security mailing lists (BugTraq, VulnWatch, Full-Disclosure, etc.).


ScanAlert's HACKER SAFE Labs is an in-house team of information security researchers tasked with discovering previously unknown security risks in ecommerce platforms and applications. HACKER SAFE Labs combines "in-the-lab" testing with data derived from the real-world security issues of tens of thousands of subscribers to ScanAlert's HACKER SAFE service, contributing research and exploit-prevention knowledge to the IT security community. To subscribe to information disclosures, announcements and reports, please visit

About ScanAlert

Founded in 2001 and headquartered in Napa, CA, ScanAlert secures organizations of all sizes against threats to their network infrastructure and then certifies them to the HACKER SAFE standard -- the world's Internet security benchmark. Offered as a Software as a Service (SaaS) solution, HACKER SAFE certification is used by more than 75,000 organizations, including ESPN, The American Red Cross, Toshiba, Warner Brothers, and well over half of the 500 largest online retailers in the USA. ScanAlert also operates HACKER SAFE Labs, the industry's only research group focused on ecommerce application security. More information is available at

Contact Information

  • ScanAlert Contact:

    Nigel Ravenhill
    Dir of Marketing Communications
    Tel: 707-224-7656 X1111