Morocco Security Team

10 exploits, active since Mar 2006
CVE-2006-1557 EXPLOITDB text WRITEUP
X-Changer 0.2 - SQL Injection via From/Into/ID Parameters
Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote attackers to execute arbitrary SQL commands via the (1) from and (2) into parameters in a calculate action, and the (3) id parameter in an edit action to index.php.
CVE-2006-1995 EXPLOITDB text WORKING POC
Scry Gallery 1.1 - Directory Traversal via p Parameter
Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order.
CVE-2006-1536 EXPLOITDB text WRITEUP
Phoetux.net PhxContacts <0.93.1 - SQL Injection
Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts 0.93.1 beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) motclef and (2) nbr_line_view parameters in (a) carnet.php, and the (3) id_contact parameter in (b) contact_view.php.
CVE-2006-1536 EXPLOITDB text WRITEUP
Phoetux.net PhxContacts <0.93.1 - SQL Injection
Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts 0.93.1 beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) motclef and (2) nbr_line_view parameters in (a) carnet.php, and the (3) id_contact parameter in (b) contact_view.php.
CVE-2006-1572 EXPLOITDB text WRITEUP
Oxygen 1.1.3 - SQL Injection via fid Parameter in newthread Action
SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action.
CVE-2006-1573 EXPLOITDB text WRITEUP
MediaSlash Gallery - Remote File Inclusion via rub Parameter
PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter (part of the $page_menu variable).
CVE-2006-2397 EXPLOITDB text WRITEUP
GPhotos <= 1.5 - Cross-Site Scripting via rep or image Parameter
Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.
CVE-2006-2398 EXPLOITDB text WRITEUP
GPhotos <= 1.5 - Directory Traversal via rep Parameter
Directory traversal vulnerability in index.php in GPhotos 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rep parameter.
CVE-2006-2397 EXPLOITDB text WRITEUP
GPhotos <= 1.5 - Cross-Site Scripting via rep or image Parameter
Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.
CVE-2006-2397 EXPLOITDB text WRITEUP
GPhotos <= 1.5 - Cross-Site Scripting via rep or image Parameter
Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.