18 matches found
EUVD-2008-3372
Malware in sbrugna...
EUVD-2018-6857
Malware in sbrugna...
CVE-2018-14975
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS...
Cross site scripting
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS...
CVE-2018-14975
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS...
Dream Gallery 1.0 SQL Injection
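Dream Gallery is a photo album application from abroad. The album.php page displays different albums according to the value of the id parameter passed in; because the supplied id value is not filtered, the page is vulnerable to SQL injection, which can be used to obtain database names, etc. Analysis: location of the affected file: query "select from albuns order by albumname asc" -fetchAll; if $db-rows = 1 $albuns = $db-data; foreach $albuns as $album $a = object $album; $db-query "select from fotos where fotoalbu...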
specialolympics.it XSS vulnerability
Vulnerable URL: http://www.specialolympics.it/europeanyouthgames2006/album.php?idnodo=6 Details: Description| Value ---|--- Patched:| Yes, at 22.11.2017 Latest check for patch:| 22.11.2017 14:43 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1843477 Google...
CMS ContWEB SQL Injection
Sql Injection on CMS ContWEB - ATI + Date: 02/07/2014 + CWE Number : CWE-89 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.ati.pi.gov.br/ + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable File: album.php + Dork : inurl:album.php?id= +...
Yogurt Social Network 3.2 rc1 Module for XOOPS album.php uid Parameter XSS
No description provided by source...
camera life 2.6.2b4 (sql/xss) Multiple Vulnerabilities
No description provided by source. Cameralife 2.6.2b4 SQL/XSS Multiple Remote Vulnerabilities Script:Cameralife 2.6.2b4 Download:http://nchc.dl.sourceforge.net/sourceforge/fdcl/cameralife-2.6.2b4.zip Author:BackDoor Bug 1;album.php Remote SQL Injection Vulnerability...
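ThinkSAAS latest version SQL injection, part 1
Brief description: ThinkSAAS latest version 2.1, officially updated on February 15; SQL injection, first installment. Details: file /app/photo/action/album.php //batch modification execution case "infodo": //whether the user is logged in $userid = aac'user'-isLogin; $albumid = intval$POST'albumid'; $albumface = tsClean$POST'albumface';//filtered, but not completely $arrPhotoId = intval$POST'photoid'; $arrPhotoDesc = $POST'photodesc';...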
Lava SQL Injection
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Lava newsitem.php?id album.php?id basket.php?baction AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.lava.com.ua/ Persian Gulf 4 Ever! Dork : "Разработано в компании...
A1 Dezine New Zealand Sql Injection Vunerability
Exploit for php platform in category web applications + Exploit Title : A1 Dezine New Zealand web development Firm Sql Injection Vunerability Author : eXeSoul Contact : email protected Date : 14-02-2011 HomePage : www.indishell.in Version : all Tested on : stloop source Vulnerability Style : PHP...
DM FileManager 3.9.4 Remote File Inclusion
DM FileManager 3.9.4 Remote File Include Vulnerability + Author : Septemb0x + www.Cyber-Warrior.Org - Information Technology's World + Greetz : BARCOD3 And All Friends... + Dork : Yok Dork Mork :D + Download Script : http://uploaded.to/file/3z84ie + Product Site : http://www.dutchmonkey.com +...
Camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting
Cameralife 2.6.2b4 SQL/XSS Multiple Remote Vulnerabilities Script:Cameralife 2.6.2b4 Download:http://nchc.dl.sourceforge.net/sourceforge/fdcl/cameralife-2.6.2b4.zip Author:BackDoor Bug 1;album.php Remote SQL Injection Vulnerability...
Sql injection
SQL injection vulnerability in album.php in Atomic Photo Album APA 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apaalbumID parameter...
Unfixed XSS vulnerability at www.thriftstoreskiparty.com
Security researcher IHZTEAM, has submitted on 06/10/2008 a cross-site-scripting XSS vulnerability affecting www.thriftstoreskiparty.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/09/2009. It is...
CVE-2008-1162
SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Photo Gallery 1.02 allows remote attackers to execute arbitrary SQL commands via the albumID parameter...