CVE-2022-27428

A stored cross-site scripting XSS vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the albumname parameter...

EUVD-2022-31931

Malicious code in bioql PyPI...

Plex Unpickle Dict Windows Remote Code Execution Exploit

This Metasploit module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the Windows only Plex variable LocalAppDataPath to the newly created photo library, a file named Dict will b...

CVE-2008-0129

SQL injection vulnerability in starnet/addons/slideshowfull.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the albumname parameter...

Site@School slideshow_full.php album_name Parameter SQL Injection

The remote host is running Site@School, an open source, PHP-based, content management system intended for primary schools. The version of this software installed on the remote host fails to sanitize user-supplied input to the 'albumname' parameter of the 'starnet/addons/slideshowfull.php' script...