21 matches found
EUVD-2004-1412
Malware in sbrugna...
EUVD-2006-5490
Malware in sbrugna...
2BGal 2.5.1 - Remote SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12083/info A remote SQL injection vulnerability reportedly affects 2Bgal. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. An attacker may...
2BGal 3.1.2 phpinfo() Disclosure
2BGal 3.1.2 phpinfo Disclosure Vulnerability Software : 2BGal version 3.1.2 Vendor : http://www.ben3w.com/ Download : http://www.ben3w.com/multimedia/devphp2bgal.php Author : NoGe Contact :...
CVE-2007-1852
Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the lang_filename parameter to (1) index.php or (2) backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has bee...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the lang_filename parameter to (1) index.php or (2) backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has bee...
CVE-2007-1852
CVE-2007-1852 affects 2BGal 3.1.1 with multiple PHP remote file inclusion vulnerabilities exposed via the URL parameter (lang_filename) to admin/index.php or admin/backupdb.inc.php (and other files). Root cause notes that lang_filename is defined before use, a detail disputed by CVE. Connected PT...
PT-2007-3204 · 2Bgal · 2Bgal
Name of the Vulnerable Software and Affected Versions: 2BGal version 3.1.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the lang_filename parameter to (1) "index.php" or (2) "backupdb.inc.php" in admin/, or other unspecified files. Recommendations: For 2BG...
2BGal 3.1.1 <= (admin/index.php) Remote File Include Vulnerability
2BGal 3.1.1 <= admin/index.php Remote File Include Vulnerability Script: 2BGal Version: 3.1.1 Download: http://www.ben3w.com/multimedia/2bgal.zip Discover: BorN To K!LL Bug in:...
2bgal-rfi.txt
2BGal 3.1.1 Code: require$langfilename; ExploiT: wWw.site.cOm/path/admin/index.php?langfilename= BorN-SHell wWw.site.cOm/path/admin/backupdb.inc.php?langfilename= BorN-SHell...
2BGal 3.0 - admin/configuration.inc.php Local File Inclusion
2BGal 3.0 - admin/configuration.inc.php Local File Inclusion #!/usr/bin/perl 2BGal 3.0 Remote Command Execution Exploit linK : http://www.ben3w.com/multimedia/devphp2bgal.php cod3d and f0unded by Kw3RLn from Romanian Security Team a.K.A http://RST-CREW.NET Contact: ciriboflacsATYaHOo.com or...
CVE-2006-5505
Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is...
CVE-2006-5505
CVE-2006-5505 describes multiple PHP file inclusion vulnerabilities in 2BGal 3.0 that allow remote attackers to execute arbitrary PHP code via the lang parameter to several admin scripts (admin/configuration.inc.php, admin/creer_album.inc.php, admin/changepwd.php.inc, and other files). The underl...
CVE-2004-1415
CVE-2004-1415 – 2BGal SQL Injection affects 2BGal photo gallery (versions 2.4 and 2.5.1) via the PHP script modules, notably disp_album.php (and possibly disp_img.php). The root cause is failure to sanitize the id_album parameter, allowing remote attackers to inject arbitrary SQL commands. Conseq...
CVE-2004-1415
SQL injection vulnerability in (1) disp_album.php and possibly (2) disp_img.php in 2Bgal 2.4 and 2.5.1 allows remote attackers to execute arbitrary SQL commands via the id_album parameter...
2bgalSQL.txt
2Bgal 2.5.1 SQL injection Vulnerability http://www.ben3w.com/ 12/22/2004 Description: 2Bgal is a fully customizable photo gallery. It seems to be vulnerabl...
2BGal disp_album.php id_album Parameter SQL Injection
The remote host appears to be running 2BGal, a photo gallery software written in PHP. There is a flaw in the 'disp_album.php' script which fails to sanitize input to the 'id_album' field. This may allow anyone to inject arbitrary SQL commands. An attacker could exploit this to obtain sensitive...