13 matches found
EUVD-2008-6867
Malware in sbrugna...
EUVD-2008-6862
Malware in sbrugna...
EUVD-2008-6861
Malware in sbrugna...
SQL injection
Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php...
CVE-2008-6907
Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php...
CVE-2008-6907
Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php...
CVE-2008-6907
CVE-2008-6907 affects 2532designs/2532|Gigs 1.2.2 Stable. Vulnerable component: checkuser.php; issue arises when magic_quotes_gpc is disabled. Attackers can manipulate the (1) username and (2) password parameters via the login form (index.php) to cause SQL injection. OpenVAS entries describe thes...
CVE-2008-6901
Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) settings.php, (2) deleteuser.php, (3)...
Unrestricted file upload
Unrestricted file upload vulnerability in upload_flyer.php in 2532designs 2532|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in flyers/...
CVE-2008-6901
CVE-2008-6901 maps to directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable. The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to multiple PHP scripts (settings.php, deleteuser.php, mini_calendar.php, ma...
CVE-2008-6902
CVE-2008-6902 affects the 2532|Gigs product (2532designs) <= 1.2.2 Stable. The vulnerability is an unrestricted file upload in upload_flyer.php that allows a remote attacker to upload a file with an executable extension and access it under flyers/, potentially enabling arbitrary code execution...
CVE-2008-6199
2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control...
CVE-2008-6199
The CVE affects 2532designs 2532|Gigs version 1.2.2 and earlier. A remote attacker can trigger a backup via a direct request to backup.php, which writes backup.sql in the web root with insufficient access control. This implies potential exposure of sensitive data. The provided documents do not sp...