22 matches found
EUVD-2006-2859
Malware in sbrugna...
EUVD-2007-3057
Malware in sbrugna...
EUVD-2007-2954
Malware in sbrugna...
Particle Gallery 1.0 Search.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24236/info Particle Gallery is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...
SQL injection
SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862...
CVE-2007-3065
SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862...
CVE-2007-3065
CVE-2007-3065 describes a SQL injection vulnerability in viewimage.php of Particle Gallery 1.0.1 and earlier. The vulnerability allows remote attackers to execute arbitrary SQL commands via the editcomment parameter (a vector/version different from CVE-2006-2862). Affected software is Particle Ga...
pg-sql.txt
!/usr/bin/php -q -d shortopentag=on setvar"COMMENTID", ""; if $GET"editcomment" "" $sql = "SELECT FROM " . $dbprefix . "comments WHERE commentid = " . dbSecure$GET"editcomment"; $cme = $db-execute$sql; if $usr-Access 1 || $SESSION"userid" == $cme-fields"userid" // allow user to edit the comment...
Particle Gallery <= 1.0.1 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ====================================================== Particle Gallery setvar"COMMENTID", ""; if $GET"editcomment" "" $sql = "SELECT FROM " . $dbprefix . "comments WHERE commentid = " . dbSecure$GET"editcomment"; $cme = $db-execute$sql; i...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter...
CVE-2007-2962
Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter...
CVE-2007-2962
CVE-2007-2962 affects Particle Gallery 1.0.1 and earlier, with a cross-site scripting vulnerability in search.php via the order parameter. The underlying issue is a reflected XSS allowing remote attackers to inject arbitrary script/HTML into victims’ browsers. Exploitation details are not provide...
Particle Gallery 1.0 - 'search.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/24236/info Particle Gallery is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting use...
Particle Gallery 1.0 - search.php Cross-Site Scripting
Particle Gallery 1.0 - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/24236/info Particle Gallery is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
Particle Gallery 1.0.1 XSS
Application: Particle Gallery Web Site: http://www.particlesoft.net/particlegallery/ Versions: 1.0.1 and below Platform: linux, windows, freebsd, sun Bug: Cross site Scripting XSS Fix Available: No ------------------------------------------------------- 1 Introduction 2 Bug 3 The Code 4 Fix 5 Abo...
Particle Gallery v1.0.0
Homepage: http://www.particlesoft.net/particlegallery/ Affected files: viewimage.php viewalbum.php SQL Injection: http://www.example.com/viewimage.php?imageid=' XSS Vulnerability proof of concept: http://www.example.com/viewimage.php?imageid=iframe20src=http://evilsite.com/scriptlet.html Possible...
SQL injection
SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter...
CVE-2006-2862
SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter...