99 matches found
CVE-2006-4421
Cross-site scripting XSS vulnerability in template/default/thankscomment.php in Yet Another PHP Image Gallery YaPIG 0.95b allows remote attackers to inject arbitrary web script or HTML via the DREFRESHURL parameter...
CVE-2006-4421
CVE-2006-4421: Cross-site scripting in Yet Another PHP Image Gallery (YaPiG) 0.95b due to an XSS vulnerability in template/default/thanks_comment.php, exploitable via the D_REFRESH_URL parameter. Remediation/mitigation details are not provided in the supplied documents; only the vulnerability des...
yapigXSS.txt
/ Kuon Kuon-at-Armorize.com YaPiG thankscomment.php Cross-Site Scripting Vulnerability Contact : Kuon-at-Armorize.com Link : www.Armorize.com / Armorize Technologies Security Advisory Advisory No: 20061001 Date: 2006/08/25 Affected Software: yapig 0.95b Vulnerability Description: Cross-Site...
YaPiG thanks_comment.php Cross-Site Scripting Vulnerability
/ Kuon Armorize Security Team Kuon-at-Armorize.com YaPiG thankscomment.php Cross-Site Scripting Vulnerability Contact : Kuon-at-Armorize.com Link : www.Armorize.com / Armorize Technologies Security Advisory Advisory No: 20061001 Date: 2006/08/25 Affected Software: yapig 0.95b Vulnerability...
CVE-2005-4800
The CVE-2005-4800 entry affects Yet Another PHP Image Gallery (YaPIG) versions 0.95b and earlier. The vulnerability is a direct static code injection where remote authenticated administrators can inject arbitrary PHP code via the TestGallery parameter in a mod_info action of modify_gallery.php, w...
CVE-2005-4799
Multiple cross-site scripting XSS vulnerabilities in Yet Another PHP Image Gallery YaPIG 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the Homepage field aka the Website field in an "image-related comment" and 2 the imgsize field in view.php. NOTE: due to...
CVE-2005-4799
YaPiG ( YaPiG ) is affected by CVE-2005-4799: multiple XSS flaws in YaPiG
CVE-2005-4801
CVE-2005-4801 involves multiple cross-site request forgery (CSRF) vulnerabilities in YaPIG (Yet Another PHP Image Gallery) 0.95b and earlier. The issues allow an attacker to trigger actions as a logged-in administrator by convincing the admin to visit a malicious page that performs a mod_info act...
CVE-2005-4800
Direct static code injection vulnerability in Yet Another PHP Image Gallery YaPIG 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a modinfo action to modifygallery.php, which inserts the code into guidinfo.php. NOTE: this...
CVE-2005-4801
Multiple cross-site request forgery CSRF vulnerabilities in Yet Another PHP Image Gallery YaPIG 0.95b and earlier allow remote attackers to perform unauthorized actions as a logged-in user, as demonstrated by tricking the administrator to access a web page that performs a modinfo action in...
YaPiG Multiple Flaws
The remote web server contains a PHP application that is affected by multiple flaws. Description : The remote host is running YaPiG, a web-based image gallery written in PHP. The installed version of YaPiG is vulnerable to multiple flaws: - Remote and local file inclusion. - Cross-site scripting...
YaPiG Password Protected Directory Access Flaw
The remote version of YaPiG a flaw that can let a malicious user view images in password protected directories. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
YaPiG Multiple Flaws
The remote web server contains a PHP application that is affected by multiple flaws. Description : The remote host is running YaPiG, a web-based image gallery written in PHP. The installed version of YaPiG is vulnerable to multiple flaws: - Remote and local file inclusion. - Cross-site scripting...
YaPiG Remote Server-Side Script Execution Vulnerability
The remote version of YaPiG may allow a remote attacker to execute malicious scripts on a vulnerable system. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...
TUVSA-0510-001.txt
=========================================================== Yapig: XSS / Code Injection Vulnerability =========================================================== Technical University of Vienna Security Advisory TUVSA-0510-001, October 13, 2005...
Yapig: XSS / Code Injection Vulnerability
=========================================================== Yapig: XSS / Code Injection Vulnerability =========================================================== Technical University of Vienna Security Advisory TUVSA-0510-001, October 13, 2005...
YaPiG 0.95b - view.php?img_size Cross-Site Scripting
YaPiG 0.95b - view.php?imgsize Cross-Site Scripting source: https://www.securityfocus.com/bid/15092/info Yapig is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
YaPiG 0.95b - 'view.php?img_size' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15092/info Yapig is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...
CVE-2005-2736
Cross-site scripting XSS vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag...
CVE-2005-2736
Cross-site scripting XSS vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag...