2190 matches found

Exploit DB
added 2006/10/24 12:0 a.m. · 28 views

Crafty Syntax Live Help 2.9.9 - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/20711/info Crafty Syntax Live Help is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system...

7.4 AI score
Exploits 0

exploitpack
added 2006/10/03 12:0 a.m. · 23 views

Invision Gallery 2.0.7 - readfile() SQL Injection

Invision Gallery 2.0.7 - readfile SQL Injection. 2.0.7 ReadFile & SQL injection exploit. Uzage: + ReadFile: - syntax: readfile 1 readfile 2 // try it if readfile1 failed ; - params: - path to local file ../file, for example:...

0.7 AI score
Exploits 0

seebug.org
added 2006/10/03 12:0 a.m. · 11 views

Invision Gallery <= 2.0.7 ReadFile() & SQL Injection Exploit

No description provided by source. hellknights.void.ru, coded by 1nf3ct0r. Invision Gallery = 2.0.7 ReadFile & SQL injection exploit. Uzage: + ReadFile: - syntax: readfile 1 host...

7.1 AI score
Exploits 0

Packet Storm
added 2006/08/27 12:0 a.m. · 34 views

blsXSS.txt

Found by: PrOtOn & digi7al64 Date: May 20th 2006 Critical Level: High Type: Multiple Cross Site Scripting XSS vulnerabilities...

7.4 AI score
Exploits 0

OSV
added 2006/08/02 12:0 a.m. · 28 views

DSA-1134-1 mozilla-thunderbird - several vulnerabilities

Bulletin has no description...

9.3 CVSS · 6.9 AI score · 0.35105 EPSS
Exploits 0

Debian
added 2006/07/22 1:23 p.m. · 31 views

[SECURITY] [DSA 1118-1] New Mozilla packages fix several vulnerabilities

Debian Security Advisory DSA 1118-1 [email protected] http://www.debian.org/security/ Martin Schulze July 22nd, 2006 http://www.debian.org/security/faq -...

9.3 CVSS · 8.2 AI score · 0.35105 EPSS
Exploits 0

Mozilla
added 2006/06/01 12:0 a.m. · 29 views

"View Image" local resource linking (Windows) — Mozilla

Normally Mozilla-based clients prevent web content from linking to local files but Eric Foley reports a partial bypass of this restriction by using Windows filename syntax on a Windows computer rather than a file:/// URL as the SRC= attribute. The image will not be loaded on the web page--it will...

5.1 CVSS · 5.6 AI score · 0.0294 EPSS
Exploits 0 · References 2 · Affected Software 2

Positive Technologies
added 2006/04/25 12:0 a.m. · 3 views

PT-2006-2923 · Ethereal · Ethereal

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.9.x through 0.10.14 Description: The issue allows remote attackers to cause a denial of service, resulting in a crash due to a null dereference. This can be achieved via an invalid display filter or through various...

5 CVSS · 6.3 AI score · 0.03224 EPSS
Exploits 0 · References 32

Prion
added 2006/04/07 10:4 a.m. · 12 views

Design/Logic Flaw

newimage.php in Eric Gerdes Crafty Syntax Image Gallery CSIG aka PHP thumbnail Photo Gallery 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php...

9 CVSS · 7.6 AI score · 0.07453 EPSS
Exploits 1 · References 8 · Affected Software 1

CVE
added 2006/04/07 10:0 a.m. · 35 views

CVE-2006-1667

Summary: CVE-2006-1667 affects Eric Gerdes Crafty Syntax Image Gallery (CSIG) up to version 3.1g. The vulnerability is a SQL injection in slides.php caused when the variable $projectid is less than 1, which prevents the limitquery_s parameter from being set. This enables remote authenticated user...

7.5 CVSS · 8 AI score · 0.02393 EPSS
Exploits 1 · References 8 · Affected Software 1

Positive Technologies
added 2006/04/07 12:0 a.m. · 2 views

PT-2006-2662 · Eric Gerdes · Crafty Syntax Image Gallery

Name of the Vulnerable Software and Affected Versions: Eric Gerdes Crafty Syntax Image Gallery CSIG versions 3.1g and earlier Description: The issue allows remote authenticated users to upload and execute arbitrary PHP code. This can be achieved by sending a multipart/form-data POST request with ...

9 CVSS · 7.2 AI score · 0.07453 EPSS
Exploits 1 · References 9

seebug.org
added 2006/04/04 12:0 a.m. · 19 views

Crafty Syntax Image Gallery <= 3.1g Remote Code Execution Exploit

No description provided by source. !/usr/bin/perl This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at your option any later version. This...

7.1 AI score
Exploits 0

0day.today
added 2006/04/04 12:0 a.m. · 21 views

Crafty Syntax Image Gallery <= 3.1g Remote Code Execution Exploit

Exploit for unknown platform in category web applications. Crafty Syntax Image Gallery = 4.0 + creating user account + user: 98fe56123 password: 7652L4M3l39q email: emai...

7.1 AI score
Exploits 0

exploitpack
added 2006/04/04 12:0 a.m. · 15 views

Crafty Syntax Image Gallery 3.1g - Remote Code Execution

Crafty Syntax Image Gallery 3.1g - Remote Code Execution !/usr/bin/perl This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at your option any...

0.4 AI score
Exploits 0

CVE
added 2006/02/16 11:0 a.m. · 50 views

CVE-2006-0727

CVE-2006-0727 describes a SQL injection in mstrack.php of MusOX DF MSAnalysis (DFMSA), used with CPG-Nuke Dragonfly CMS. An attacker can trigger path disclosure via a SQL syntax error and may be able to execute arbitrary SQL commands. The affected software is MusOX DF MSAnalysis as used in Dragon...

7.5 CVSS · 8.1 AI score · 0.01462 EPSS
Exploits 0 · References 8 · Affected Software 1

NVD
added 2006/02/08 1:2 a.m. · 7 views

CVE-2006-0590

MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax...

5 CVSS · 7.2 AI score · 0.00462 EPSS
Exploits 1 · References 3

Prion
added 2006/02/08 1:2 a.m. · 13 views

Path traversal

MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax...

5 CVSS · 7.9 AI score · 0.00462 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2006/02/08 1:0 a.m. · 13 views

CVE-2006-0590

MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax...

7.2 AI score · 0.00462 EPSS
Exploits 1 · References 3

NVD
added 2005/12/19 3:47 a.m. · 16 views

CVE-2005-4346

Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was...

5 CVSS · 7 AI score · 0.00396 EPSS
Exploits 1 · References 4

Cvelist
added 2005/12/18 10:0 p.m. · 20 views

CVE-2005-4346

Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was...

7 AI score · 0.00396 EPSS
Exploits 1 · References 4