MyBulletinBoard (MyBB) <= 1.2.3 - Remote Code Execution Exploit

No description provided by source. !/usr/bin/php ?php errorreportingEALL ^ ENOTICE; http://www.milw0rm.com/exploits/2012 They corrected not all a lot of SQL requests which use the ipaddress, with $db-escapestring. They don't corrected the function this is a choice ... the bad and they forgot to...

phpwebgallery-hijackexec.txt

$b'.$sort.';' 64. ; An attacker could be able to inject and execute PHP code through $GET'sort', that is passed to createfunction at line 63 see http://www.securityfocus.com/bid/31398. Only admin can access to the plugins management interface, but the attacker might be able to retrieve a valid...

PhpWebGallery <= 1.7.2 Session Hijacking / Code Execution Exploit

Exploit for unknown platform in category web applications ================================================================= PhpWebGallery $b'.$sort.';' 64. ; An attacker could be able to inject and execute PHP code through $GET'sort', that is passed to createfunction at line 63 see...