12 matches found
CVE-2026-30289
Tinybeans Private Family Album App v5.9.5-prod is affected by an arbitrary file overwrite vulnerability via the file import process. Multiple connected sources (Red Hat CVE, ENISA EUVD, NVD/NVD mirrors, CNNVD, CVE list) describe that attackers could overwrite critical internal files, potentially ...
EUVD-2017-2327
Malware in sbrugna...
EUVD-2017-2326
Malware in sbrugna...
Improper Privilege Management in opensource-socialnetwork/opensource-socialnetwork
💥 BUG unprivileged user can like to private album . 💥 IMPACT user who does not have permiison in private album still can comment in that album. 💥 STEP TO RERPODUCE There is two user called user-A and user-B.\ 1. First goto user-A account and create a private album . \ Lets album url is...
Improper Privilege Management in opensource-socialnetwork/opensource-socialnetwork
💥 BUG unprivileged user can comment to private album . 💥 IMPACT user who does not have permiison in private album still can comment in that album. 💥 STEP TO RERPODUCE There is two user called user-A and user-B.\ 1. First goto user-A account and create a private album . \ Lets album url is...
Piwigo Cross-Site Request Forgery Vulnerability
Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time, and more. A cross-site request forgery vulnerability exists in Piwigo 2.9.1 and earlier versions. A remote attacker can exploit th...
CVE-2017-10680
Cross-site request forgery CSRF vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request...
CVE-2017-10679
Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed...
Design/Logic Flaw
Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed...
CVE-2017-10680
Cross-site request forgery CSRF vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request...
cpg1414-sql.txt
table prefix\n"; print " - hostname\n"; print " - web dirname \n"; print " - force mode - '0' - for Off or "album number" for force mode On \n"; print " table prefix - prefix of sql tables\n"; print " example: " . $argv0 . " coppermine.site photo/ 1 cpg1410\n"; credits; / FUNCTIONS / if...
Coppermine Photo Gallery <= 1.4.14 Remote SQL Injection Exploit
No description provided by source. ?php RST/GHC PRIVATE CPG 1.4.10 sql injection exploit Date: 17.05.07 bug: SQL injection in private album function through array indexes with COOKIE errorreporting EERROR; iniset"maxexecutiontime",0; intro; if $argc 4 print " Usage: " . $argv0 . " host dir force...