MiniGal Nano 跨站脚本漏洞

MiniGal Nano is a PHP album program developed by Rybber’s individual developer. Versions of MiniGal Nano prior to 0.3.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from the dir parameter in the index.php file, which allowed for reflective cross-site scripting,...

EUVD-2010-2718

Malware in sbrugna...

EUVD-2010-2719

Malware in sbrugna...

EUVD-2006-1839

Malware in sbrugna...

PHP Album <= 0.3.2.3 - Remote Command Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo PHP Album = 0.3.2.3 remote cmmnds xctn\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo - this works with magicquotesgpc=Off & registerglobals=On\r\n; echo dork: \powered by...

TCW PHP Album Multiple Vulnerabilities

No description provided by source. 1 1 0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: TCW PHP Album Multiple Vulnerability Vendor...

TCW PHP Album 'album' Parameter Multiple Vulnerabilities

TCW PHP Album is prone to multiple input validation vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2010-2714

SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter...

CVE-2010-2715

Cross-site scripting XSS vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter...

Sql injection

SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter...

CVE-2010-2715

CVE-2010-2715 describes a cross-site scripting (XSS) vulnerability in TCW PHP Album 1.0, specifically in photos/index.php via the album parameter, allowing remote attackers to inject arbitrary web script/HTML. The NVD entry records a CVSSv2 base score of 4.3 (Medium). The connected OpenVAS entry ...

CVE-2010-2715

Cross-site scripting XSS vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter...

CVE-2010-2714

TCW PHP Album 1.0 is affected by an SQL injection in the photos/index.php handler, exploitable via the album parameter. Root cause: improper input handling on the album parameter leads to arbitrary SQL execution. Impact: remote attackers can run arbitrary SQL commands (no authentication required ...

TCW PHP Album SQL injection Vulnerabilty

Exploit for php platform in category web applications ======================================== TCW PHP Album SQL injection Vulnerabilty ======================================== Name : TCW PHP Album SQL iNjection Vulnerabilty Critical Level :VERY HIGH vendor URL...

TCW PHP Album - Multiple Vulnerabilities

1 1 0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: TCW PHP Album Multiple Vulnerability Vendor url:http://tcwphpalbum.sourceforge.net/ Version:1...

TCW PHP Album - Multiple Vulnerabilities

TCW PHP Album - Multiple Vulnerabilities 1 1 0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: TCW PHP Album Multiple Vulnerability Vendor...

Remote file inclusion

PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when registerglobals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the datadir parameter, which satisfies the fileexists function call...

PHP Album <= 0.3.2.3 Remote Command Execution Exploit

Exploit for unknown platform in category web applications ===================================================== PHP Album this works with magicquotesgpc=Off & registerglobals=On\r\n"; echo "dork: "powered by php photo album" -demo2 -pitanje\r\n\r\n"; if $argc "next", "IDPREV" = "previous",...

PHP Album 0.3.2.3 - Remote Command Execution

PHP Album 0.3.2.3 - Remote Command Execution !/usr/bin/php -q -d shortopentag=on this works with magicquotesgpc=Off & registerglobals=On\r\n"; echo "dork: "powered by php photo album" -demo2 -pitanje\r\n\r\n"; if $argc "next", "IDPREV" = "previous", "IDNEXTPAGE" = "next page", "IDPREVPAGE" =...