21 matches found
EUVD-2006-5490
Malware in sbrugna...
EUVD-2004-1412
Malware in sbrugna...
2BGal 2.5.1 - Remote SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12083/info A remote SQL injection vulnerability reportedly affects 2Bgal. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. An attacker may...
2BGal 3.1.2 phpinfo() Disclosure
========================================================================================== o 2BGal 3.1.2 phpinfo Disclosure Vulnerability Software : 2BGal version 3.1.2 Vendor : http://www.ben3w.com/ Download : http://www.ben3w.com/multimedia/devphp2bgal.php Author : NoGe Contact :...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfilename parameter to 1 index.php or 2 backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has bee...
CVE-2007-1852
Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfilename parameter to 1 index.php or 2 backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has bee...
CVE-2007-1852
Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfilename parameter to 1 index.php or 2 backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has bee...
CVE-2007-1852
CVE-2007-1852 affects 2BGal 3.1.1 with multiple PHP remote file inclusion vulnerabilities exposed via the URL parameter (lang_filename) to admin/index.php or admin/backupdb.inc.php (and other files). Root cause notes that lang_filename is defined before use, a detail disputed by CVE. Connected PT...
PT-2007-3204 · 2Bgal · 2Bgal
Name of the Vulnerable Software and Affected Versions: 2BGal version 3.1.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the lang filename parameter to 1 "index.php" or 2 "backupdb.inc.php" in admin/, or other unspecified files. Recommendations: For 2BG...
2BGal 3.1.1 <= (admin/index.php) Remote File Include Vulnerability
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= 2BGal 3.1.1 = admin/index.php Remote File Include Vulnerability Script: 2BGal Version: 3.1.1 Download: http://www.ben3w.com/multimedia/2bgal.zip Discover: BorN To K!LL =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= Bug in:...
2bgal-rfi.txt
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= 2BGal 3.1.1 Code: require$langfilename; =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= ExploiT: wWw.site.cOm/path/admin/index.php?langfilename= BorN-SHell wWw.site.cOm/path/admin/backupdb.inc.php?langfilename= BorN-SHell...
2BGal 3.0 - adminconfiguration.inc.php Local File Inclusion
2BGal 3.0 - adminconfiguration.inc.php Local File Inclusion !/usr/bin/perl 2BGal 3.0 Remote Command Execution Exploit linK : http://www.ben3w.com/multimedia/devphp2bgal.php cod3d and f0unded by Kw3RLn from Romanian Security Team a.K.A http://RST-CREW.NET Contact: ciriboflacsATYaHOo.com or...
CVE-2006-5505
Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to 1 admin/configuration.inc.php, 2 admin/creeralbum.inc.php, 3 admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is...
CVE-2006-5505
Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to 1 admin/configuration.inc.php, 2 admin/creeralbum.inc.php, 3 admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is...
CVE-2006-5505
CVE-2006-5505 describes multiple PHP file inclusion vulnerabilities in 2BGal 3.0 that allow remote attackers to execute arbitrary PHP code via the lang parameter to several admin scripts (admin/configuration.inc.php, admin/creer_album.inc.php, admin/changepwd.php.inc, and other files). The underl...
CVE-2004-1415
SQL injection vulnerability in 1 dispalbum.php and possibly 2 dispimg.php in 2Bgal 2.4 and 2.5.1 allows remote attackers to execute arbitrary SQL commands via the idalbum parameter...
CVE-2004-1415
CVE-2004-1415 – 2BGal SQL Injection affects 2BGal photo gallery (versions 2.4 and 2.5.1) via the PHP script modules, notably disp_album.php (and possibly disp_img.php). The root cause is failure to sanitize the id_album parameter, allowing remote attackers to inject arbitrary SQL commands. Conseq...
CVE-2004-1415
SQL injection vulnerability in 1 dispalbum.php and possibly 2 dispimg.php in 2Bgal 2.4 and 2.5.1 allows remote attackers to execute arbitrary SQL commands via the idalbum parameter...
2bgalSQL.txt
2Bgal 2.5.1 SQL injection Vulnerability http://www.ben3w.com/ 12/22/2004 ---------------------------------------------------------------------- Description: ---------------------------------------------------------------------- 2Bgal is fully customizable photo gallery. It's seems to be vulnerabl...
2Bgal : 2.4 & 2.5.1 SQL injection Vulnerability
2Bgal 2.5.1 SQL injection Vulnerability http://www.ben3w.com/ 12/22/2004 ---------------------------------------------------------------------- Description: ---------------------------------------------------------------------- 2Bgal is fully customizable photo gallery. It's seems to be vulnerabl...