146 matches found
CVE-2006-2890
Pixelpost 1-5rc1-2 and earlier are affected when register_globals is enabled. An attacker can set _SESSION["pixelpost_admin"] = 1 in admin scripts (e.g., admin/view_info.php) to gain administrator privileges and perform other attacks. No explicit remediation is provided in the provided documents.
Pixelpost index.php category Parameter SQL Injection
The remote host is running Pixelpost, a photo blog application based on PHP and MySQL. The version of Pixelpost installed on the remote fails to sanitize user-supplied input to the 'category' parameter of the 'index.php' script before using it to construct database queries. Provided PHP's...
pixelpost_15rc1-2.txt
!/usr/bin/php -q -d shortopentag=on ? echo "Pixelpost = 1-5rc1-2 privilege escalation exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: pixelpost "RSS 2.0" "ATOM feed" "Valid xHTML / Valid CSS"\r\n\r\n"; / works with:...
Pixelpost <= 1-5rc1-2 Remote Privilege Escalation Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Pixelpost = 1-5rc1-2 privilege escalation exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: pixelpost "RSS 2.0" "ATOM feed" "Valid xHTML / Valid...
PixelPost 1-5rc1-2 - Privilege Escalation
PixelPost 1-5rc1-2 - Privilege Escalation !/usr/bin/php -q -d shortopentag=on ? echo "Pixelpost = 1-5rc1-2 privilege escalation exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: pixelpost "RSS 2.0" "ATOM feed" "Valid xHTML / Valid...
Pixelpost < 1.5 RC1 showimage Parameter SQL Injection
The remote host is running Pixelpost, a photo blog application based on PHP and MySQL. The version of Pixelpost installed on the remote host fails to sanitize input to the 'showimage' parameter of the 'index.php' script before using it to construct database queries. Provided PHP's 'magicquotesgpc...
CVE-2006-1104
Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the showimage parameter in index.php; and the 2 USERAGENT, 3 HTTPREFERER, and 4 HTTPHOST HTTP header fields as used in the bookvistor function in...
CVE-2006-1105
Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not...
Cross site scripting
Cross-site scripting XSS vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 message, 2 name, 3 url, and 4 email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but...
Sql injection
Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the showimage parameter in index.php; and the 2 USERAGENT, 3 HTTPREFERER, and 4 HTTPHOST HTTP header fields as used in the bookvistor function in...
CVE-2006-1106
Cross-site scripting XSS vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 message, 2 name, 3 url, and 4 email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but...
Design/Logic Flaw
Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not...
CVE-2006-1104
Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the showimage parameter in index.php; and the 2 USERAGENT, 3 HTTPREFERER, and 4 HTTPHOST HTTP header fields as used in the bookvistor function in...
CVE-2006-1106
The CVE-2006-1106 issue concerns a Cross-site Scripting (XSS) vulnerability in Pixelpost versions 1.5 beta 1 and earlier. The vulnerability arises in the commenting path, where input fields (message, name, url, email) can be manipulated to inject arbitrary web script/HTML due to insufficient inpu...
CVE-2006-1105
CVE-2006-1105 affects Pixelpost 1.5 beta 1 and earlier. A direct request to includes/phpinfo.php causes the phpinfo function to reveal configuration information, exposing sensitive server details to remote attackers. The vendor disputes some aspects of the original disclosure, but the available d...
CVE-2006-1104
Pixelpost
CVE-2006-1106
Cross-site scripting XSS vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 message, 2 name, 3 url, and 4 email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but...
CVE-2006-1105
Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not...
pixelpostXSS.txt
New eVuln Advisory: Pixelpost Photoblog XSS Vulnerability http://evuln.com/vulns/45/summary.html --------------------Summary---------------- Software: Pixelpost Photoblog Sowtware's Web Site: http://www.pixelpost.org/ Versions: 1.4.3 Critical Level: Moderate Type: Cross-Site Scripting Class: Remo...
[eVuln] Pixelpost Photoblog XSS Vulnerability
New eVuln Advisory: Pixelpost Photoblog XSS Vulnerability http://evuln.com/vulns/45/summary.html --------------------Summary---------------- Software: Pixelpost Photoblog Sowtware's Web Site: http://www.pixelpost.org/ Versions: 1.4.3 Critical Level: Moderate Type: Cross-Site Scripting Class: Remo...