13 matches found
EUVD-2008-6862
Malware in sbrugna...
EUVD-2008-6867
Malware in sbrugna...
EUVD-2008-6861
Malware in sbrugna...
SQL injection
Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php...
CVE-2008-6907
Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php...
CVE-2008-6907
Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php...
CVE-2008-6907
CVE-2008-6907 affects 2532designs/2532|Gigs 1.2.2 Stable. Vulnerable component: checkuser.php; issue arises when magic_quotes_gpc is disabled. Attackers can manipulate the (1) username and (2) password parameters via the login form (index.php) to cause SQL injection. OpenVAS entries describe thes...
Unrestricted file upload
Unrestricted file upload vulnerability in upload_flyer.php in 2532designs 2532|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in flyers/...
CVE-2008-6901
Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) settings.php, (2) deleteuser.php, (3)...
CVE-2008-6902
CVE-2008-6902 affects the 2532|Gigs product (2532designs) <= 1.2.2 Stable. The vulnerability is an unrestricted file upload in upload_flyer.php that allows a remote attacker to upload a file with an executable extension and access it under flyers/, potentially enabling arbitrary code execution...
CVE-2008-6901
CVE-2008-6901 maps to directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable. The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to multiple PHP scripts (settings.php, deleteuser.php, mini_calendar.php, ma...
CVE-2008-6199
2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control...
CVE-2008-6199
The CVE affects 2532designs 2532|Gigs version 1.2.2 and earlier. A remote attacker can trigger a backup via a direct request to backup.php, which writes backup.sql in the web root with insufficient access control. This implies potential exposure of sensitive data. The provided documents do not sp...