EUVD-2007-2639

Malware in sbrugna...

EUVD-2006-1586

Malware in sbrugna...

Monalbum 0.8.7 - Remote Code Execution Exploit

No description provided by source. ?php / \|/// \ - - // @ @ ----oOOo---oOOo--------------------------------------------------- Y! Underground Group [email protected] Dj7xpl.2600.ir ----ooooO-----Ooooo-------------------------------------------------- \ / \ /...

monalbum-exec.txt

"; if isset$mod //submit $fichier = "../conf/config.inc.php"; $fd = fopen$fichier, "w"; $gcfgBase = $POST'gcfgBase'; $gcfgUser = $POST'gcfgUser'; $gcfgPass = $POST'gcfgPass'; $gcfgHote = $POST'gcfgHote'; $gpage = $POST'gpage'; $grepertoire = $POST'grepertoire'; $gfond = $POST'gfond'; $gtitre =...

CVE-2007-2647

Static code injection vulnerability in admin/adminconfiguration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the 1 gadmpass, 2 gadmuser, 3 gcfgHote, 4 gcfgPass, 5 gcfgUser, 6 gclassementrep, 7 gcontour, 8 gfond, 9...

Code injection

Static code injection vulnerability in admin/adminconfiguration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the 1 gadmpass, 2 gadmuser, 3 gcfgHote, 4 gcfgPass, 5 gcfgUser, 6 gclassementrep, 7 gcontour, 8 gfond, 9...

CVE-2007-2647

CVE-2007-2647 affects Monalbum 0.8.7. A static code injection vulnerability in admin/admin_configuration.php allows remote authenticated users to inject arbitrary PHP code into conf/config.inc.php by manipulating one of 28 parameters (e.g., gadm_pass, gadm_user, gcfgBase, etc.). The NVD entry doc...

CVE-2007-2647

Static code injection vulnerability in admin/adminconfiguration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the 1 gadmpass, 2 gadmuser, 3 gcfgHote, 4 gcfgPass, 5 gcfgUser, 6 gclassementrep, 7 gcontour, 8 gfond, 9...

Monalbum 0.8.7 Remote Code Execution Exploit

No description provided by source. ?php / \|/// \ - - // @ @ ----oOOo---oOOo--------------------------------------------------- Y! Underground Group [email protected] Dj7xpl.2600.ir ----ooooO-----Ooooo-------------------------------------------------- \ / \ /...

Monalbum 0.8.7 - Remote Code Execution

Monalbum 0.8.7 - Remote Code Execution "; if isset$mod //submit $fichier = "../conf/config.inc.php"; $fd = fopen$fichier, "w"; $gcfgBase = $POST'gcfgBase'; $gcfgUser = $POST'gcfgUser'; $gcfgPass = $POST'gcfgPass'; $gcfgHote = $POST'gcfgHote'; $gpage = $POST'gpage'; $grepertoire =...

Monalbum 0.8.7 Remote Code Execution Exploit

Exploit for unknown platform in category web applications ============================================ Monalbum 0.8.7 Remote Code Execution Exploit ============================================ "; if isset$mod //submit $fichier = "../conf/config.inc.php"; $fd = fopen$fichier, "w"; $gcfgBase =...

Monalbum 0.8.7 - Remote Code Execution

"; if isset$mod //submit $fichier = "../conf/config.inc.php"; $fd = fopen$fichier, "w"; $gcfgBase = $POST'gcfgBase'; $gcfgUser = $POST'gcfgUser'; $gcfgPass = $POST'gcfgPass'; $gcfgHote = $POST'gcfgHote'; $gpage = $POST'gpage'; $grepertoire = $POST'grepertoire'; $gfond = $POST'gfond'; $gtitre =...

[SA19503] MonAlbum Multiple SQL Injection Vulnerabilities

TITLE: MonAlbum Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA19503 VERIFY ADVISORY: http://secunia.com/advisories/19503/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: Monalbum 0.x http://secunia.com/product/9121/ DESCRIPTION: undefined1 h...

CVE-2006-1585

Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote attackers to execute arbitrary SQL commands via 1 the pc parameter in a index.php and 2 pnom, 3 pcourriel, and 4 pcommentaire parameters in b imageagrandir.php...

Sql injection

Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote attackers to execute arbitrary SQL commands via 1 the pc parameter in a index.php and 2 pnom, 3 pcourriel, and 4 pcommentaire parameters in b imageagrandir.php...

CVE-2006-1585

CVE-2006-1585 affects MonAlbum 0.8.7, with multiple SQL injection vulnerabilities exposing the app to remote command execution through user-supplied input in the following parameters: pc (index.php) and pnom , pcourriel , pcommentaire (image_agrandir.php). The root cause is unsafely constructed S...

CVE-2006-1585

Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote attackers to execute arbitrary SQL commands via 1 the pc parameter in a index.php and 2 pnom, 3 pcourriel, and 4 pcommentaire parameters in b imageagrandir.php...

MonAlbum 0.8.7 SQL Injection

advisory by undefined1 @ bash-x.net/undef/ Mon Album 0.8.7 http://www.3dsrc.com/monalbum/ There are 2 sql injection flaws in MonAlbum 0.8.7. First in index.php line 99 if isset$GET"pc" $pc = $GET"pc"; ... no sanity checks if isset$pc && $grechinactive $result = executerequete"select idrub, nom,...