Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD756DB070-B9D4-11D9-AE81-000AE42E9B93
HistoryApr 18, 2005 - 12:00 a.m.

coppermine -- IP spoofing and XSS vulnerability

2005-04-1800:00:00
vuxml.freebsd.org
18

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.002

Percentile

64.9%

JSON

GHC team reports about coppermine

The lack of sanitizing of user defined variables may
result in undesirable consequences such as IP spoofing
or XSS attack.
Generally users of Coppermine Gallery can post comments.
Remote address & x-forwarded-for variables are logged
for admin’s eyes. X-Forwarded-for variable does not pass
throu any filtration before logging into database. User
can define/redefine this variable.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchcoppermine< 1.3.2UNKNOWN

Related

openvas 2
cve 1
nessus 2
cvelist 1
nvd 1
openvas
openvas
FreeBSD Ports: coppermine
2008-09-04 00:00:00
FreeBSD Ports: coppermine
2008-09-04 00:00:00
cve
cve
CVE-2005-1172
2005-05-02 04:00:00
nessus
nessus
Coppermine Photo Gallery init.inc.php X-Forwarded-For XSS
2005-04-18 00:00:00
FreeBSD : coppermine -- IP spoofing and XSS vulnerability (756db070-b9d4-11d9-ae81-000ae42e9b93)
2005-07-13 00:00:00
cvelist
cvelist
CVE-2005-1172
2005-04-18 04:00:00
nvd
nvd
CVE-2005-1172
2005-05-02 04:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.002

Percentile

64.9%

JSON
Related for 756DB070-B9D4-11D9-AE81-000AE42E9B93
openvas2cve1nessus2cvelist1nvd1