24 matches found
EUVD-2006-5042
Malware in sbrugna...
WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications. WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting Vulnerability. Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Portrait-Archiv.com Photostore 5.0.4. Portrait-Archiv.com is prone to a reflected...
Portrait-Archiv.com Photostore <= 3.1 - Unauthenticated Reflected XSS
The 'pDetails' GET parameter from the js/imageDetails.php was vulnerable to an unauthenticated reflected XSS attack. http://www.example.com/wp-content/plugins/portrait-archiv-shop/js/imageDetails.php?pDetails=;;alert"XSS"...
Portrait-Archiv.com Photostore <= 3.1 - Unauthenticated Reflected XSS
The 'pDetails' GET parameter from the js/imageDetails.php was vulnerable to an unauthenticated reflected XSS attack. PoC http://www.example.com/wp-content/plugins/portrait-archiv-shop/js/imageDetails.php?pDetails=;;alert"XSS"...
CVE-2016-4337
SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recoverlogin action...
Ktools Photostore 4.7.5 - Blind SQL Injection
Ktools Photostore 4.7.5 - Blind SQL Injection Title : Ktools Photostore = 4.7.5 Pre-Authentication Blind SQL Injection CVE-ID : CVE-2016-4337 Google Dork: inurl:mgr.login.php Product : Photostore Affected : Versions prior to 4.7.5 Impact : Critical Remote : Yes Website link: http://www.ktools.net...
Ktools Photostore 4.7.5 - Blind SQL Injection
Title : Ktools Photostore = 4.7.5 Pre-Authentication Blind SQL Injection CVE-ID : CVE-2016-4337 Google Dork: inurl:mgr.login.php Product : Photostore Affected : Versions prior to 4.7.5 Impact : Critical Remote : Yes Website link: http://www.ktools.net Reported : 02/06/2016 Authors : Gal Goldshtei...
PhotoStore view_photog.php photogid Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20172/info Photostore is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execu...
PhotoStore details.php gid Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20172/info Photostore is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execu...
PhotoStore Arbitrary Shell upload Vulnerability
Exploit for php platform in category web applications Exploit Title:PhotoStore Arbitrary Shell upload Google Dork: "site:photocity.co.za" Exploit Author: Index Php Tested on: Windows, PHP 5.2 exploit "@$uploadfile", 'folder'='/'; curlsetopt$ch, CURLOPTRETURNTRANSFER, 1; $postResult = curlexec$ch;...
PhotoStore 4.0.7. Shell Upload
http://tcc.sch.id Exploit title : PhotoStore 4.0.7 shell upload Author : Gabby Dork : use ur brain ; Vendor Site :...
ktools-sql.txt
Ktools Photostore <= v3.5.2 crumbs.php Remote SQL Injection. Works only with magic quotes = off. Coded by DNX. Discovered: DNX. Vendor:...
Ktools PhotoStore <= 3.5.2 Multiple SQL Injection Vulnerabilities
No description provided by source. Ktools Photostore <= v3.5.2 crumbs.php Remote SQL Injection. Works only with magic quotes = off. Coded by DNX...
Ktools PhotoStore <= 3.5.2 Multiple SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications. Ktools PhotoStore <= 3.5.2 Multiple SQL Injection Vulnerabilities...
Ktools PhotoStore <= 3.5.1 (gallery.php gid) SQL Injection Vulnerability
No description provided by source. Remote SQL Injection Vulnerability PhotoStore 3.4.3 gallery.php gid Script NAME : PhotoStore VERSION : 3.4.3 DOWNLOAD : http://www.ktools.net/ AuTh0r : Mr.SQL H0ME : WwW.PaL-HaCkEr.CoM Email : [email protected] D0rk :: n/a ; ExPlo!t For ADMIN INFO : ===...
CVE-2006-5057
Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net PhotoStore allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter in details.php, or the (2) photogid parameter in view_photog.php...
[SA22122] PhotoStore Cross-Site Scripting Vulnerabilities
TITLE: PhotoStore Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA22122 VERIFY ADVISORY: http://secunia.com/advisories/22122/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: PhotoStore 2.x http://secunia.com/product/12118/ DESCRIPTION: meto5757 has...
PhotoStore Multiple Cross-Site Scripting Vulnerabilities
PhotoStore Multiple Cross-Site Scripting Vulnerabilities. Site: http://www.ktools.net/photostore/ Exploiting these issues could allow an attacker to steal cookie-based authentication credentials an...