{"published": "2012-05-13T00:00:00", "id": "1337DAY-ID-18261", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [{"differentElements": ["sourceHref", "sourceData", "href"], "edition": 1, "lastseen": "2016-04-20T02:23:41", "bulletin": {"published": "2012-05-13T00:00:00", "id": "1337DAY-ID-18261", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [], "enchantments": {"score": {"value": 3.6, "modified": "2016-04-20T02:23:41"}}, "hash": "9c6aff635ba649b6ff911249660b8ffab2985d3ed4dcac26d1ce9ce4cd1552d4", "description": "Exploit for php platform in category web applications", "type": "zdt", "lastseen": "2016-04-20T02:23:41", "edition": 1, "title": "Galette (picture.php) SQL Injection Vulnerability", "href": "http://0day.today/exploit/description/18261", "modified": "2012-05-13T00:00:00", "bulletinFamily": "exploit", "viewCount": 0, "cvelist": [], "sourceHref": "http://0day.today/exploit/18261", "references": [], "reporter": "Sofian Brabez", "sourceData": "Source: http://www.securityfocus.com/bid/53463/info\r\n \r\nGalette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.\r\n \r\nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nVersions prior to Galette 0.7.x are vulnerable.\r\n \r\nAttackers can use a browser to exploit this issue.\r\n \r\nThe following example URIs are available.\r\n \r\nhttp://server/picture.php?id_adh=0+and+1=0+union+select+@@version,null\r\n \r\nhttp://server/picture.php?id_adh=0+and+1=0+union+select+group_concat(table_name,char(10)),null+from+information_schema.tables\r\n\r\n\n\n# 0day.today [2016-04-20] #", "hashmap": [{"hash": "1e8ac2c9cf22a0dd889513ad692bd812", "key": "reporter"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "c0b483b1ef2cadddcf43c7e3f62ed4bf", "key": "sourceHref"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "abae37fe0a42c3f9280ea3b0751db9de", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "dba09efb295c80f9a91a040bdbb62d55", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "14748d74c62a742ddda9a1f39f57b8b5", "key": "sourceData"}, {"hash": "5a3be5e1d052b2a38da4280278e78b00", "key": "modified"}, {"hash": "5a3be5e1d052b2a38da4280278e78b00", "key": "published"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}], "objectVersion": "1.0"}}], "description": "Exploit for php platform in category web applications", "hash": "5096e7dd8784fe8e3baab78a7bf056e7c8c6c3a9f100ed668182d741bbf427c5", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2018-02-15T19:10:24"}, "vulnersScore": 7.5}, "type": "zdt", "lastseen": "2018-02-15T19:10:24", "edition": 2, "title": "Galette (picture.php) SQL Injection Vulnerability", "href": "https://0day.today/exploit/description/18261", "modified": "2012-05-13T00:00:00", "bulletinFamily": "exploit", "viewCount": 2, "cvelist": [], "sourceHref": "https://0day.today/exploit/18261", "references": [], "reporter": "Sofian Brabez", "sourceData": "Source: http://www.securityfocus.com/bid/53463/info\r\n \r\nGalette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.\r\n \r\nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nVersions prior to Galette 0.7.x are vulnerable.\r\n \r\nAttackers can use a browser to exploit this issue.\r\n \r\nThe following example URIs are available.\r\n \r\nhttp://server/[email\u00a0protected]@version,null\r\n \r\nhttp://server/picture.php?id_adh=0+and+1=0+union+select+group_concat(table_name,char(10)),null+from+information_schema.tables\r\n\r\n\n\n# 0day.today [2018-02-15] #", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}, {"hash": "b124d196ec49e59f5dbae9542e8cc27b", "key": "href"}, {"hash": "5a3be5e1d052b2a38da4280278e78b00", "key": "modified"}, {"hash": "5a3be5e1d052b2a38da4280278e78b00", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "1e8ac2c9cf22a0dd889513ad692bd812", "key": "reporter"}, {"hash": "8479d8983e98d3d0ce9213b39363f826", "key": "sourceData"}, {"hash": "6a35f2e510a2a23c5b464e99121d8f0c", "key": "sourceHref"}, {"hash": "dba09efb295c80f9a91a040bdbb62d55", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "objectVersion": "1.3"}

{"securityvulns": [{"lastseen": "2018-08-31T11:10:15", "bulletinFamily": "software", "description": "\r\nTITLE:\r\nImageMagick Utilities Image Filename Shell Command Injection\r\n\r\nSECUNIA ADVISORY ID:\r\nSA18261\r\n\r\nVERIFY ADVISORY:\r\nhttp://secunia.com/advisories/18261/\r\n\r\nCRITICAL:\r\nModerately critical\r\n\r\nIMPACT:\r\nSystem access\r\n\r\nWHERE:\r\n>From remote\r\n\r\nSOFTWARE:\r\nImageMagick 6.x\r\nhttp://secunia.com/product/3763/\r\n\r\nDESCRIPTION:\r\nFlorian Weimer has discovered a vulnerability in ImageMagick, which\r\npotentially can be exploited by malicious people to compromise a\r\nuser's system.\r\n\r\nThe vulnerability is caused due to an error in the delegate code used\r\nby various ImageMagick utilities (e.g. display, identify) when\r\nhandling an image filename. This can be exploited to execute\r\narbitrary commands when an image file with a filename containing\r\nshell command is opened either via the command line or from the file\r\nopen dialog box.\r\n\r\nSuccessful exploitation requires that the user is e.g. tricked into\r\ndownloading and saving an image file with a specially crafted\r\nfilename and opening it.\r\n\r\nThe vulnerability has been confirmed in version 6.2.5 compiled from\r\nsource (with default options). Other versions may also be affected.\r\n\r\nSOLUTION:\r\nDo not open image files with suspicious looking filenames.\r\n\r\nPROVIDED AND/OR DISCOVERED BY:\r\nFlorian Weimer\r\n\r\nORIGINAL ADVISORY:\r\nDebian:\r\nhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345238\r\n\r\n----------------------------------------------------------------------\r\n\r\nAbout:\r\nThis Advisory was delivered by Secunia as a free service to help\r\neverybody keeping their systems up to date against the latest\r\nvulnerabilities.\r\n\r\nSubscribe:\r\nhttp://secunia.com/secunia_security_advisories/\r\n\r\nDefinitions: (Criticality, Where etc.)\r\nhttp://secunia.com/about_secunia_advisories/\r\n\r\n\r\nPlease Note:\r\nSecunia recommends that you verify all advisories you receive by\r\nclicking the link.\r\nSecunia NEVER sends attached files with advisories.\r\nSecunia does not advise people to install third party patches, only\r\nuse those supplied by the vendor.\r\n", "modified": "2005-12-30T00:00:00", "published": "2005-12-30T00:00:00", "id": "SECURITYVULNS:DOC:10856", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10856", "title": "[SA18261] ImageMagick Utilities Image Filename Shell Command Injection", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}