CVE-2008-2353

Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the show parameter...

CVE-2008-2353

Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the show parameter...

gnugallery-lfi.txt

--==+================================================================================+==-- --==+ GNU/Gallery Vulnerability: http://site.com/admin.php?show=../../../../../../../etc/passwd NOTE/TIP: fair amount of sites running, althou no good dork. GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !...

GNU/Gallery <= 1.1.1.0 (admin.php) Local File Inclusion Vulnerability

No description provided by source. --==+================================================================================+==-- --==+ GNU/Gallery = 1.1.1.0 admin.php Local File Inclusion Vulnerability +==-- --==+================================================================================+==--...

Authentication flaw

Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1...

CVE-2008-2282

admin.php in Internet Photoshow and Internet Photoshow Special Edition SE allows remote attackers to bypass authentication by setting the loginadmin cookie to true...

CVE-2008-2282

admin.php in Internet Photoshow and Internet Photoshow Special Edition SE allows remote attackers to bypass authentication by setting the loginadmin cookie to true...

CVE-2008-2297

The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "", which is present in the password file and probably passes an insufficient comparison...

CVE-2008-2298

CVE-2008-2298 affects Web Slider 0.6. The vulnerability arises in Admin.php where a remote attacker can bypass authentication and gain elevated privileges by setting the admin cookie to 1. The issue is a cookie-based auth bypass, enabling unauthorized access to privileged functionality. The provi...

GNUGallery 1.1.1.0 - admin.php Local File Inclusion

GNUGallery 1.1.1.0 - admin.php Local File Inclusion --==+================================================================================+==-- --==+ GNU/Gallery Vulnerability: http://site.com/admin.php?show=../../../../../../../etc/passwd NOTE/TIP: fair amount of sites running, althou no good dor...

GNU/Gallery <= 1.1.1.0 (admin.php) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ===================================================================== GNU/Gallery Vulnerability: http://site.com/admin.php?show=../../../../../../../etc/passwd NOTE/TIP: fair amount of sites running, althou no good dork. 0day.today 2018-04...

GNU/Gallery 1.1.1.0 - &#039;admin.php&#039; Local File Inclusion

--==+================================================================================+==-- --==+ GNU/Gallery Vulnerability: http://site.com/admin.php?show=../../../../../../../etc/passwd NOTE/TIP: fair amount of sites running, althou no good dork. GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !...

internetphotoshow-cookie.txt

--==+================================================================================+==-- --==+ Internet Photoshow Special Edition Insecure Cookie Handling +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz Discovered On: 14 M...

Cross site scripting

Cross-site scripting XSS vulnerability in admin.php in LifeType 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the newBlogUserName parameter in an addBlogUser action, a different vector than CVE-2008-2178...

CVE-2008-2196

The CVE-2008-2196 entry concerns a Cross-Site Scripting (XSS) flaw in LifeType; specifically admin.php handles addBlogUser via the newBlogUserName parameter (LifeType 1.2.8). The vulnerability allows remote attackers to inject arbitrary script/HTML, a vector distinct from CVE-2008-2178. Public re...

CVE-2008-2196

Cross-site scripting XSS vulnerability in admin.php in LifeType 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the newBlogUserName parameter in an addBlogUser action, a different vector than CVE-2008-2178...

Internet PhotoShow (Special Edition) - Insecure Cookie Handling

--==+================================================================================+==-- --==+ Internet Photoshow Special Edition Insecure Cookie Handling +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz Discovered On: 14 M...

Cross site scripting

Cross-site scripting XSS vulnerability in admin.php in LifeType 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the searchTerms parameter in an editArticleCategories operation aka an admin category search...

CVE-2008-2178

Technical details for CVE-2008-2178 are not publicly available in the provided documents; monitor for updates.

Sql injection

SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php...