Lucene search
K

146 matches found

CVE
CVE
added 2006/06/07 10:0 a.m.45 views

CVE-2006-2890

Pixelpost 1-5rc1-2 and earlier are affected when register_globals is enabled. An attacker can set _SESSION["pixelpost_admin"] = 1 in admin scripts (e.g., admin/view_info.php) to gain administrator privileges and perform other attacks. No explicit remediation is provided in the provided documents.

5.1CVSS6.9AI score0.01456EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2006/06/06 12:0 a.m.91 views

Pixelpost index.php category Parameter SQL Injection

The remote host is running Pixelpost, a photo blog application based on PHP and MySQL. The version of Pixelpost installed on the remote fails to sanitize user-supplied input to the 'category' parameter of the 'index.php' script before using it to construct database queries. Provided PHP's...

5.1CVSS5.7AI score0.01136EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2006/06/05 12:0 a.m.24 views

pixelpost_15rc1-2.txt

!/usr/bin/php -q -d shortopentag=on ? echo "Pixelpost = 1-5rc1-2 privilege escalation exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: pixelpost "RSS 2.0" "ATOM feed" "Valid xHTML / Valid CSS"\r\n\r\n"; / works with:...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/06/03 12:0 a.m.47 views

Pixelpost <= 1-5rc1-2 Remote Privilege Escalation Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Pixelpost = 1-5rc1-2 privilege escalation exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: pixelpost "RSS 2.0" "ATOM feed" "Valid xHTML / Valid...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2006/06/03 12:0 a.m.38 views

PixelPost 1-5rc1-2 - Privilege Escalation

PixelPost 1-5rc1-2 - Privilege Escalation !/usr/bin/php -q -d shortopentag=on ? echo "Pixelpost = 1-5rc1-2 privilege escalation exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: pixelpost "RSS 2.0" "ATOM feed" "Valid xHTML / Valid...

0.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/03/13 12:0 a.m.66 views

Pixelpost < 1.5 RC1 showimage Parameter SQL Injection

The remote host is running Pixelpost, a photo blog application based on PHP and MySQL. The version of Pixelpost installed on the remote host fails to sanitize input to the 'showimage' parameter of the 'index.php' script before using it to construct database queries. Provided PHP's 'magicquotesgpc...

7.5CVSS6.2AI score0.01477EPSS
Exploits1References3
NVD
NVD
added 2006/03/09 1:6 p.m.15 views

CVE-2006-1104

Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the showimage parameter in index.php; and the 2 USERAGENT, 3 HTTPREFERER, and 4 HTTPHOST HTTP header fields as used in the bookvistor function in...

7.5CVSS8.5AI score0.01477EPSS
Exploits1References7
NVD
NVD
added 2006/03/09 1:6 p.m.16 views

CVE-2006-1105

Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not...

5CVSS6.3AI score0.01665EPSS
Exploits1References6
Prion
Prion
added 2006/03/09 1:6 p.m.11 views

Cross site scripting

Cross-site scripting XSS vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 message, 2 name, 3 url, and 4 email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but...

4.3CVSS6.2AI score0.01976EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2006/03/09 1:6 p.m.23 views

Sql injection

Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the showimage parameter in index.php; and the 2 USERAGENT, 3 HTTPREFERER, and 4 HTTPHOST HTTP header fields as used in the bookvistor function in...

7.5CVSS8.9AI score0.01477EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2006/03/09 1:6 p.m.18 views

CVE-2006-1106

Cross-site scripting XSS vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 message, 2 name, 3 url, and 4 email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but...

4.3CVSS5.7AI score0.01976EPSS
Exploits0References6
Prion
Prion
added 2006/03/09 1:6 p.m.10 views

Design/Logic Flaw

Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not...

5CVSS6.9AI score0.01665EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2006/03/09 11:0 a.m.19 views

CVE-2006-1104

Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the showimage parameter in index.php; and the 2 USERAGENT, 3 HTTPREFERER, and 4 HTTPHOST HTTP header fields as used in the bookvistor function in...

8.5AI score0.01477EPSS
Exploits1References7
CVE
CVE
added 2006/03/09 11:0 a.m.37 views

CVE-2006-1106

The CVE-2006-1106 issue concerns a Cross-site Scripting (XSS) vulnerability in Pixelpost versions 1.5 beta 1 and earlier. The vulnerability arises in the commenting path, where input fields (message, name, url, email) can be manipulated to inject arbitrary web script/HTML due to insufficient inpu...

4.3CVSS5.7AI score0.01976EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2006/03/09 11:0 a.m.38 views

CVE-2006-1105

CVE-2006-1105 affects Pixelpost 1.5 beta 1 and earlier. A direct request to includes/phpinfo.php causes the phpinfo function to reveal configuration information, exposing sensitive server details to remote attackers. The vendor disputes some aspects of the original disclosure, but the available d...

5CVSS6.4AI score0.01665EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2006/03/09 11:0 a.m.42 views

CVE-2006-1104

Pixelpost

7.5CVSS8.5AI score0.01477EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2006/03/09 11:0 a.m.15 views

CVE-2006-1106

Cross-site scripting XSS vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 message, 2 name, 3 url, and 4 email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but...

5.7AI score0.01976EPSS
Exploits0References6
Cvelist
Cvelist
added 2006/03/09 11:0 a.m.18 views

CVE-2006-1105

Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not...

6.3AI score0.01665EPSS
Exploits1References6
Packet Storm
Packet Storm
added 2006/01/29 12:0 a.m.25 views

pixelpostXSS.txt

New eVuln Advisory: Pixelpost Photoblog XSS Vulnerability http://evuln.com/vulns/45/summary.html --------------------Summary---------------- Software: Pixelpost Photoblog Sowtware's Web Site: http://www.pixelpost.org/ Versions: 1.4.3 Critical Level: Moderate Type: Cross-Site Scripting Class: Remo...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/01/29 12:0 a.m.47 views

[eVuln] Pixelpost Photoblog XSS Vulnerability

New eVuln Advisory: Pixelpost Photoblog XSS Vulnerability http://evuln.com/vulns/45/summary.html --------------------Summary---------------- Software: Pixelpost Photoblog Sowtware's Web Site: http://www.pixelpost.org/ Versions: 1.4.3 Critical Level: Moderate Type: Cross-Site Scripting Class: Remo...

1.2AI score
Exploits0
Rows per page
Query Builder