31 matches found
CVE-2006-2912
CVE-2006-2912 affects SelectaPix 1.31. Multiple SQL injection vulnerabilities exist in the web interface: parameters albumID (view_album.php, index.php), imageID (popup.php), and username/password (admin/member.php). Remote attackers could inject SQL commands to access or modify the database. Pro...
[SA20134] SelectaPix Cross-Site Scripting and SQL Injection Vulnerabilities
---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerabilit...
Sql injection
SQL injection vulnerability in viewalbum.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources...
CVE-2006-2722
SQL injection vulnerability in viewalbum.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources...
CVE-2006-2722
CVE-2006-2722 : The connected documents confirm a SQL injection vulnerability in SelectaPix 1.4, affecting the view_album.php component. The vulnerability allows remote attackers to execute arbitrary SQL commands via unknown vectors. The exact exploit path, affected versions beyond 1.4, and remed...
CVE-2006-2722
SQL injection vulnerability in viewalbum.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources...
SelectaPix System SQL Injection
SelectaPix System SQL Injection Vulnerabilities SpC-x Credit : SpC-X Site : http://www.Cyber-security.org Code : http://www.site.com/path/viewalbum.php?albumID=SQL Example : http://www.outofthetrees.co.uk/selectapix/demo/viewalbum.php?albumID=SQL /SpC-x -- Get your free email from...
Design/Logic Flaw
viewalbum.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter...
CVE-2006-2463
viewalbum.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter...
CVE-2006-2463
viewalbum.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter...
CVE-2006-2463
CVE-2006-2463 affects SelectaPix 1.31 and earlier. The vulnerability stems from view_album.php where an invalid or missing parameter causes an error message to reveal the installation path, exposing sensitive directory information. The available sources confirm the affected product/version and th...