48 matches found
EUVD-2007-2363
Malware in sbrugna...
EUVD-2006-3280
Malware in sbrugna...
EUVD-2006-1676
Malware in sbrugna...
liquid.formedica.com.pl XSS vulnerability
Open Bug Bounty ID: OBB-544269 Description| Value ---|--- Affected Website:| liquid.formedica.com.pl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Piwigo 2.6.0 /picture.php SQL注入漏洞
/include/functionsrate.inc.php if !isset$rate or !$conf'rate' or !inarray$rate, $conf'rateitems' return false; …….. pwgquery$query; $query = ' INSERT INTO '.RATETABLE.' userid,anonymousid,elementid,rate,date VALUES ' .$user'id'.',' .'''.$anonymousid.'',' .$imageid.',' .$rate .',NOW ;';...
CVE-2014-9115
SQL injection vulnerability in the ratepicture function in include/functionsrate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a...
CVE-2014-9115
SQL injection vulnerability in the ratepicture function in include/functionsrate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a...
CVE-2014-9115
SQL injection vulnerability in the ratepicture function in include/functionsrate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a...
Piwigo 'rate' Parameter SQLi Vulnerability
Piwigo is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:piwigo:piwigo";...
WebSPELL <= 4.01.02 (picture.php) File Disclosure Vulnerability
No description provided by source. WebSPELL = 4.01.02 picture.php Remote File Disclosure Vulnerability Discovered by: Trex Visit: www.Trex-Online.net / www.UnderGround.ag Comment: Happy easter! / \ / \ / / / \ \ / \ /\ // / GIVE ME A CARROT OR I WILL \ \O O/ \ BLOW UP YOUR HOUSE / / ^ \ / / /...
Lazarus Guestbook 1.6 picture.php img Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/18956/info Lazarus Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute...
webSPELL <= 4.2.0d Local File Disclosure Exploit (.c linux)
No description provided by source. / webSPELL = 4.2.0d Local File Disclosure Exploit .c linux by Juri Gianni aka yeat - stakerathotmaildotit Description ----------- webSPELL contains one flaw that allows an attacker to disclose a local file. The issue is due to 'picture.php' script not properly...
piwigo v.2.3.3 SQL Injector
Exploit for php platform in category web applications +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : piwigo SQL comments.php?displaymode=albums SQL 1 myerror...
webSPELL <= 4.2.0d Local File Disclosure Exploit (.c linux)
No description provided by source. / webSPELL = 4.2.0d Local File Disclosure Exploit .c linux by Juri Gianni aka yeat - stakerathotmaildotit Description ----------- webSPELL contains one flaw that allows an attacker to disclose a local file. The issue is due to 'picture.php' script not properly...
webSPELL 4.2.0d (Linux) - Local File Disclosure
/ webSPELL ------------------------------ Possible Fix: $file = pregreplace'/^a-zA-Z0-9/','',addslashes$GET'id'; otherwise if $GET...
webSPELL 4.2.0d (Linux) - Local File Disclosure (C)
webSPELL 4.2.0d Linux - Local File Disclosure C / webSPELL ------------------------------ Possible Fix: $file = pregreplace'/^a-zA-Z0-9/','',addslashes$GET'id'; otherwise if $...
webSPELL 4.2.0d Local File Disclosure
/ webSPELL ------------------------------ Possible Fix: $file = pregreplace'/^a-zA-Z0-9/','',addslashes$GET'id'; otherwise if $GET'id' variable is an...
phpwebgallery-sql.txt
---------------------------------------------------------------- Script : PhpWebGallery 1.3.4 Type : Vulnerabilities blind sql injection Author : Stack Google Dork : inurl:"picture.php?cat=" "Powered by PhpWebGallery 1.3.4" ---------------------------------------------------------------- Download...
PhpWebGallery 1.3.4 (cat) Blind SQL Injection Vulnerability
No description provided by source. ---------------------------------------------------------------- Script : PhpWebGallery 1.3.4 Type : Vulnerabilities blind sql injection Author : Stack Google Dork : inurl:"picture.php?cat=" "Powered by PhpWebGallery 1.3.4"...
PHPWebGallery 1.3.4 - Blind SQL Injection (2)
!/usr/bin/perl -W PhpWebGallery 1.3.4 Blind SQL Injection Exploit Download: http://puzzle.dl.sourceforge.net/sourceforge/phpwebgallery/phpwebgallery-1.3.4.tar.bz2 File affected: picture.php exploit written by ka0x D.O.M Labs - Security Researchers - www.domlabs.org - ka0x@domlabs:/codes$...