20 matches found
EUVD-2018-16975
Malware in sbrugna...
EUVD-2008-3774
Malware in sbrugna...
EUVD-2006-6076
Malware in sbrugna...
EUVD-2008-3772
Malware in sbrugna...
PicturesPro Photo Cart Arbitrary User Access Vulnerability
PicturesPro Photo Cart is a system for selling photos online. A security vulnerability exists in PicturesPro Photo Cart versions 6 and 7. A remote attacker can exploit it to gain access to arbitrary user accounts by means of a modified cookie...
Code injection
PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pchead.php, pclogin.php, and pcloginpage.php...
CVE-2018-5190
PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pchead.php, pclogin.php, and pcloginpage.php...
CVE-2018-5190
PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pchead.php, pclogin.php, and pcloginpage.php...
CVE-2018-5190
PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pchead.php, pclogin.php, and pcloginpage.php...
SQL injection
Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action...
CVE-2008-3788
Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php...
CVE-2008-3788
Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php...
CVE-2008-3786
The CVE-2008-3786 entry concerns a Cross-site Scripting (XSS) vulnerability in index.php of PICTURESPRO Photo Cart 3.9. The issue arises from the qtitle parameter (Gallery or event name) in a search action, where user-supplied input is not properly sanitized, enabling an attacker to inject arbitr...
CVE-2008-3788
CVE-2008-3788 affects PICTURESPRO Photo Cart 3.9. Multiple SQL injection vulnerabilities exist when magic_quotes_gpc is disabled. Attack vectors include remote requests to search.php with qtitle, qid, qyear and to _login.php with email/password, enabling arbitrary SQL execution. Overall CVSS 2.0 ...
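PicturesPro Photo Cart SQL Injection Vulnerability
BUGTRAQ ID: 30786 CNCAN ID: CNCAN-2008082207 PICTURESPRO Photo Cart is a PHP-based web application. PICTURESPRO Photo Cart does not properly filter user-submitted input, so a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the script does not filter user-submitted web parameters; submitting a malicious SQL query as parameter data can alter the original SQL logic, yielding sensitive information or allowing the database to be manipulated. PICTURESPRO Photo Cart 3.9 No solution is currently available: http://www.picturespro.com/...
PicturesPro Photo Cart AdminPrint.PHP Remote File Inclusion Vulnerability
PicturesPro Photo Cart is a PHP-based web application. PicturesPro Photo Cart does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'AdminPrint.PHP' script does not filter user-submitted web parameters; submitting a malicious remote server as the include target can result in arbitrary PHP code being executed with the privileges of the web process. PICTURESPRO Photo Cart 3.9 No solution is currently available: http://www.picturespro.com/...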
CVE-2006-6093
Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remote attackers to execute arbitrary PHP code via a URL in the (1) admin_folder and (2) path parameters...
CVE-2006-6093
CVE-2006-6093 affects PicturesPro Photo Cart 3.9. The flaw is in adminprint.php where remote PHP code execution is possible via a URL in the (1) admin_folder and (2) path parameters, exploiting PHP remote file inclusion. CVSS v2 base score 7.5 (HIGH) driven by network access, low attack complexit...
photocart39.txt
PhotoCart 3.9 adminprint.php Remote File Include Vulnerability Script site: http://www.picturespro.com/store/programs/129-photocart.html Dork : inurl :/PhotoCart/ Bug Found By : irvian...