|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 660 CVE : CVE-2006-1585 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : undefined1 Published : 01.04.2006
Advisory Text : advisory by undefined1_ @ bash-x.net/undef/ Mon Album 0.8.7 http://www.3dsrc.com/monalbum/ There are 2 sql injection flaws in MonAlbum 0.8.7. First in index.php (line 99) if (isset($_GET["pc"])) $pc = $_GET["pc"]; ... (no sanity checks) if (isset($pc) && $grech_inactive) $result = execute_requete("select id_rub, nom, commentaire from monalbum_rubrique where ( nom like "%$pc%" or commentaire like "%$pc%" ) and (id_rub_mere <> 0 and id_rub <> 0) limit " . $deb . ", ". ($ghor*$gvert)); The second flaw is located in the comments system in image_agrandir.php (line 228) $pnom = $_POST['pnom']; $pcourriel = $_POST['pcourriel']; $pcommentaire = $_POST['pcommentaire']; ... (no sanity checks) execute_requete("insert into monalbum_commentaire (id_image, nom, courriel, commentaire, date_com) values ($id_image, "$pnom","$pcourriel", "".addslashes($pcommentaire)."", "".date("Y-m-d")."" )");  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |