8 matches found
PHPMyBibli 1.32 Init.Inc.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23599/info PHPMyBibli is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the...
Directory traversal
Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) userlanguage and (2) usertemplate parameters to (a) init.inc.php, and (b) the userlanguage parameter to isadmin.inc.php...
CVE-2008-4702
Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) userlanguage and (2) usertemplate parameters to (a) init.inc.php, and (b) the userlanguage parameter to isadmin.inc.php...
cpg-lfiexec.txt
authenticate; ... 301. // Process language selection if present in URI or in user profile or try 302. // autodetection if default charset is utf-8 303. if !empty$GET'lang' 304. 305. $USER'lang' = ereg"^a-z0-9-$", $GET'lang' ? $GET'lang' : $CONFIG'lang'; 306. 307. 308. if isset$USER'lang' &&...
Coppermine Photo Gallery 1.4.18 - Local File Inclusion Remote Code Execution
Coppermine Photo Gallery 1.4.18 - Local File Inclusion Remote Code Execution authenticate; ... 301. // Process language selection if present in URI or in user profile or try 302. // autodetection if default charset is utf-8 303. if !empty$GET'lang' 304. 305. $USER'lang' = ereg"^a-z0-9-$",...
pmb-rfi.txt
PHPMyBibli [email protected] Homepage: http://www.MoHaNdKo.cOm Exploit:Path/includes/init.inc.php?basepath=Shell Greetz To: Tryag-Team & AsbMay's Group & Xp10 TeAm & CiTy GhOsTs TeAm Greetz To: mY Love Dr.hacker BiG seso...
cpg_143_incl_xpl
this works regardless of any php.ini settings, you need a normal user account with upload rights in personal albums and at least one album usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "The direct and the indirect lead on to each other in turn. It is like moving in a...
CVE-2005-1172
CVE-2005-1172 describes a cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery 1.3.x, specifically in the file init.inc.php. The issue allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter. Multiple connected sources corroborate this as a...