Lucene search
K

99 matches found

NVD
NVD
added 2006/08/29 12:4 a.m.11 views

CVE-2006-4421

Cross-site scripting XSS vulnerability in template/default/thankscomment.php in Yet Another PHP Image Gallery YaPIG 0.95b allows remote attackers to inject arbitrary web script or HTML via the DREFRESHURL parameter...

4.3CVSS5.8AI score0.01632EPSS
Exploits0References4
CVE
CVE
added 2006/08/29 12:0 a.m.61 views

CVE-2006-4421

CVE-2006-4421: Cross-site scripting in Yet Another PHP Image Gallery (YaPiG) 0.95b due to an XSS vulnerability in template/default/thanks_comment.php, exploitable via the D_REFRESH_URL parameter. Remediation/mitigation details are not provided in the supplied documents; only the vulnerability des...

4.3CVSS5.8AI score0.01632EPSS
Exploits0References4Affected Software1
Packet Storm
Packet Storm
added 2006/08/28 12:0 a.m.27 views

yapigXSS.txt

/ Kuon Kuon-at-Armorize.com YaPiG thankscomment.php Cross-Site Scripting Vulnerability Contact : Kuon-at-Armorize.com Link : www.Armorize.com / Armorize Technologies Security Advisory Advisory No: 20061001 Date: 2006/08/25 Affected Software: yapig 0.95b Vulnerability Description: Cross-Site...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/08/28 12:0 a.m.306 views

YaPiG thanks_comment.php Cross-Site Scripting Vulnerability

/ Kuon Armorize Security Team Kuon-at-Armorize.com YaPiG thankscomment.php Cross-Site Scripting Vulnerability Contact : Kuon-at-Armorize.com Link : www.Armorize.com / Armorize Technologies Security Advisory Advisory No: 20061001 Date: 2006/08/25 Affected Software: yapig 0.95b Vulnerability...

0.4AI score
Exploits0
CVE
CVE
added 2006/05/15 4:0 p.m.46 views

CVE-2005-4800

The CVE-2005-4800 entry affects Yet Another PHP Image Gallery (YaPIG) versions 0.95b and earlier. The vulnerability is a direct static code injection where remote authenticated administrators can inject arbitrary PHP code via the TestGallery parameter in a mod_info action of modify_gallery.php, w...

9CVSS7.2AI score0.0219EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2006/05/15 4:0 p.m.24 views

CVE-2005-4799

Multiple cross-site scripting XSS vulnerabilities in Yet Another PHP Image Gallery YaPIG 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the Homepage field aka the Website field in an "image-related comment" and 2 the imgsize field in view.php. NOTE: due to...

5.7AI score0.06797EPSS
Exploits1References9
CVE
CVE
added 2006/05/15 4:0 p.m.57 views

CVE-2005-4799

YaPiG ( YaPiG ) is affected by CVE-2005-4799: multiple XSS flaws in YaPiG

5.1CVSS5.9AI score0.06797EPSS
Exploits1References9Affected Software1
CVE
CVE
added 2006/05/15 4:0 p.m.77 views

CVE-2005-4801

CVE-2005-4801 involves multiple cross-site request forgery (CSRF) vulnerabilities in YaPIG (Yet Another PHP Image Gallery) 0.95b and earlier. The issues allow an attacker to trigger actions as a logged-in administrator by convincing the admin to visit a malicious page that performs a mod_info act...

7.5CVSS7.4AI score0.01701EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2006/05/15 4:0 p.m.19 views

CVE-2005-4800

Direct static code injection vulnerability in Yet Another PHP Image Gallery YaPIG 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a modinfo action to modifygallery.php, which inserts the code into guidinfo.php. NOTE: this...

6.9AI score0.0219EPSS
Exploits1References5
NVD
NVD
added 2005/12/31 5:0 a.m.15 views

CVE-2005-4801

Multiple cross-site request forgery CSRF vulnerabilities in Yet Another PHP Image Gallery YaPIG 0.95b and earlier allow remote attackers to perform unauthorized actions as a logged-in user, as demonstrated by tricking the administrator to access a web page that performs a modinfo action in...

7.5CVSS7AI score0.01701EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.182 views

YaPiG Multiple Flaws

The remote web server contains a PHP application that is affected by multiple flaws. Description : The remote host is running YaPiG, a web-based image gallery written in PHP. The installed version of YaPiG is vulnerable to multiple flaws: - Remote and local file inclusion. - Cross-site scripting...

7.5CVSS0.03429EPSS
Exploits6References8
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.127 views

YaPiG Password Protected Directory Access Flaw

The remote version of YaPiG a flaw that can let a malicious user view images in password protected directories. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.5AI score
Exploits0References4
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.160 views

YaPiG Multiple Flaws

The remote web server contains a PHP application that is affected by multiple flaws. Description : The remote host is running YaPiG, a web-based image gallery written in PHP. The installed version of YaPiG is vulnerable to multiple flaws: - Remote and local file inclusion. - Cross-site scripting...

7.5CVSS6.5AI score0.03429EPSS
Exploits6References13
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.50 views

YaPiG Remote Server-Side Script Execution Vulnerability

The remote version of YaPiG may allow a remote attacker to execute malicious scripts on a vulnerable system. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...

7.3AI score
Exploits0References4
Packet Storm
Packet Storm
added 2005/10/15 12:0 a.m.29 views

TUVSA-0510-001.txt

=========================================================== Yapig: XSS / Code Injection Vulnerability =========================================================== Technical University of Vienna Security Advisory TUVSA-0510-001, October 13, 2005...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/10/13 12:0 a.m.231 views

Yapig: XSS / Code Injection Vulnerability

=========================================================== Yapig: XSS / Code Injection Vulnerability =========================================================== Technical University of Vienna Security Advisory TUVSA-0510-001, October 13, 2005...

0.5AI score
Exploits0
exploitpack
exploitpack
added 2005/10/13 12:0 a.m.9 views

YaPiG 0.95b - view.php?img_size Cross-Site Scripting

YaPiG 0.95b - view.php?imgsize Cross-Site Scripting source: https://www.securityfocus.com/bid/15092/info Yapig is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2005/10/13 12:0 a.m.78 views

YaPiG 0.95b - 'view.php?img_size' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15092/info Yapig is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...

7.4AI score
Exploits0
NVD
NVD
added 2005/08/30 11:45 a.m.15 views

CVE-2005-2736

Cross-site scripting XSS vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag...

4.3CVSS5.7AI score0.01296EPSS
Exploits0References6
Cvelist
Cvelist
added 2005/08/29 4:0 a.m.23 views

CVE-2005-2736

Cross-site scripting XSS vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag...

5.7AI score0.01296EPSS
Exploits0References6
Rows per page
Query Builder