Morocco Security Team

10 exploits, active since Mar 2006
CVE-2006-1557 EXPLOITDB text WRITEUP
X-Changer 0.2 - SQL Injection
Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote attackers to execute arbitrary SQL commands via the (1) from and (2) into parameters in a calculate action, and the (3) id parameter in an edit action to index.php.
CVE-2006-1995 EXPLOITDB text WORKING POC
Scry Gallery - Path Traversal
Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order.
CVE-2006-1536 EXPLOITDB text WRITEUP
Phoetux.net PhxContacts <0.93.1 - SQL Injection
Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts 0.93.1 beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) motclef and (2) nbr_line_view parameters in (a) carnet.php, and the (3) id_contact parameter in (b) contact_view.php.
CVE-2006-1536 EXPLOITDB text WRITEUP
Phoetux.net PhxContacts <0.93.1 - SQL Injection
Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts 0.93.1 beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) motclef and (2) nbr_line_view parameters in (a) carnet.php, and the (3) id_contact parameter in (b) contact_view.php.
CVE-2006-1572 EXPLOITDB text WRITEUP
Oxygen 1.1.3 - SQL Injection
SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action.
CVE-2006-1573 EXPLOITDB text WRITEUP
MediaSlash Gallery - RCE
PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter (part of the $page_menu variable).
CVE-2006-2397 EXPLOITDB text WRITEUP
Gphotos - XSS
Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.
CVE-2006-2398 EXPLOITDB text WRITEUP
Gphotos < 1.5 - Path Traversal
Directory traversal vulnerability in index.php in GPhotos 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rep parameter.
CVE-2006-2397 EXPLOITDB text WRITEUP
Gphotos - XSS
Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.
CVE-2006-2397 EXPLOITDB text WRITEUP
Gphotos - XSS
Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.