6562 matches found
John Beatty Easy PHP Photo Album 1.0 - 'dir' HTML Injection
source: https://www.securityfocus.com/bid/8977/info It has been reported that Easy PHP Photo Album is prone to a HTML injection vulnerability that may allow an attacker to execute HTML code in a user's browser. The issue is reported to be present in the 'dir' parameter. This problem is due to...
DSA-355 gallery - cross-site scripting
Bulletin has no description...
CVE-2003-1146
Cross-site scripting XSS vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter...
Coppermine Photo Gallery displayimage.php SQL Injection
The remote host is running Coppermine Gallery - a set of PHP scripts designed to handle galleries of pictures. This product has a vulnerability which allows a remote attacker to execute arbitrary SQL queries. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
CVE-2002-1411
Directory traversal vulnerability in update.dpgs in Duma Photo Gallery System DPGS 0.99.4 allows remote attackers to read arbitrary files via .. dot dot sequences in the id parameter...
CVE-2002-1412
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERYBASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script...
Coppermine Photo Gallery remote compromise
---AFFECTED SOFTWARE--- From the website, http://www.chezgreg.net/coppermine/: "Coppermine Photo Gallery is a picture gallery script. Users can upload pictures with a web browser thumbnails are created on the fly, add comments, send e-cards and view statistics about the pictures. " "The script us...
Coppermine Photo Gallery Multiple Extension File Upload Arbitrary PHP Code Execution
The remote host is running Coppermine Gallery - a set of PHP scripts designed to handle galleries of pictures. This product has a vulnerability which allows an attacker to upload a rogue jpeg file which may contain PHP commands. A remote attacker could use this to execute arbitrary commands in th...
CVE-2002-1411
Directory traversal vulnerability in update.dpgs in Duma Photo Gallery System DPGS 0.99.4 allows remote attackers to read arbitrary files via .. dot dot sequences in the id parameter...
CVE-2002-1411
CVE-2002-1411 concerns a directory traversal vulnerability in the Duma Photo Gallery System (DPGS) 0.99.4, reported as affecting the update.dpgs endpoint. The vulnerability arises from insufficient validation of the id parameter, allowing remote attackers to read arbitrary files via .. (dot dot) ...
Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook
Hi all : 1 PHP Image View 1.0 http://www.onlinetools.org Problems : - XSS - phpinfo; Exploits : - /phpimageview.php?pw=show - /phpimageview.php?pic=javascript:alertdocument.domain 2 NewsPro 1.01 http://www.aspbin.co.uk Problem : - Admin access Exploit : - Set cookie "logged,true" on the...
Gallery Addon for PhpNuke remote file viewing vulnerability
Gallery Addon for PhpNuke remote file viewing vulnerability Problem discovered: 18/10/2001 by Cabezon Aurйlien | [email protected] 1 Description Gallery is an intuitive web based photo gallery with authenticated users and privileged albums. Photo management includes automatic...
bharat Mediratta Gallery 1.11.2 - Directory Traversal
bharat Mediratta Gallery 1.11.2 - Directory Traversal source: https://www.securityfocus.com/bid/3554/info Bharat Mediratta Gallery is a free, open source web-based photo album which may be used as an add-on for the PHPNuke web portal. Due to insufficient validation of user-supplied input, it is b...
CVE-1999-1112
Technical details about CVE-1999-1112 are not publicly provided in the connected documents. The initial description notes a buffer overflow in IrfanView32 3.07 and earlier; monitor for updates.
CVE-2000-0919
Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack...
CVE-2000-0919
CVE-2000-0919 is a directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier that allows remote attackers to read arbitrary files by prefixing a path with ..%2F..%2F (dot-dot). OpenVAS/Nessus entries confirm the issue with an example payload such as /Album/?mode=album&album=..%2F.....
CVE-2000-0919
Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack...
phpix 1.0 - Directory Traversal
source: https://www.securityfocus.com/bid/1773/info PHPix is a web-based photo-album system written in PHP. It is vulnerable to an attack that allows a malicious remote user to view arbitrary files on the target webserver with the privileges of the webserver. The problem is that "../" character...
[SECURITY] New version of Netscape Communicator/Navigator released
Package: netscape communicator, navigator Vulnerability: remote exploit Debian-specific: no Existing Netscape Communicator/Navigator packages contain the following vulnerabilities: 1. Netscape Communicator JPEG-Comment Heap Overwrite Vulnerability - executes arbitrary code in the comment field of...
Linux news 1.07.00
Linux Kernel pre-patch 2.4.0 test3-pre2 Вышла очередная предварительная, вторая по счету, версия третьего тестового ядра Linux - Linux Kernel pre-patch 2.4.0 test3-pre2. Подробнее: http://www.icewalk.com/softlib/app/app00797.html GPL будут тестировать юристы По мнению Д. Е. Поуэла Dennis E. Powel...