99 matches found
CVE-2005-1882
CVE-2005-1882 (YaPiG) — YaPiG is a PHP-based image gallery. The vulnerability is a PHP Remote File Inclusion in last_gallery.php that allows an attacker to execute arbitrary PHP code by supplying a crafted YAPIG_PATH parameter in YaPiG versions 0.93u and 0.94u. The linked OpenVAS/NVD entries corr...
CVE-2005-1882
PHP remote file inclusion vulnerability in lastgallery.php in YaPiG 0.93u and 0.94u allows remote attackers to execute arbitrary PHP code via the YAPIGPATH parameter...
CVE-2005-1881
upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code...
[SA15600] YaPiG Multiple Vulnerabilities
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
CVE-2005-1881
upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code...
CVE-2005-1885
view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message...
YaPiG 0.9x - LocalRemote File Inclusion
YaPiG 0.9x - LocalRemote File Inclusion source: https://www.securityfocus.com/bid/13874/info YaPiG is affected by remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to...
YaPiG 0.9x - view.php Cross-Site Scripting
YaPiG 0.9x - view.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13875/info YaPiG is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
YaPiG 0.9x - upload.php Directory Traversal
YaPiG 0.9x - upload.php Directory Traversal source: https://www.securityfocus.com/bid/13877/info YaPiG is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An authorized user can add and delete arbitrary...
PT-2005-2838 · Yapig · Yapig
Name of the Vulnerable Software and Affected Versions: YaPiG versions 0.92b through 0.94u Description: The issue concerns the upload.php file in YaPiG, which does not properly restrict the file extension for uploaded image files. This allows remote attackers to upload arbitrary files and execute...
YaPiG 0.9x - Local/Remote File Inclusion
source: https://www.securityfocus.com/bid/13874/info YaPiG is affected by remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary server-side script cod...
YaPiG 0.9x - 'upload.php' Directory Traversal
source: https://www.securityfocus.com/bid/13877/info YaPiG is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An authorized user can add and delete arbitrary directories outside of the gallery directory by...
YaPiG 0.9x - 'view.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13875/info YaPiG is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...
[SA12858] YaPiG comments Cross-Site Scripting Vulnerability
TITLE: YaPiG comments Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA12858 VERIFY ADVISORY: http://secunia.com/advisories/12858/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: YaPiG 0.x http://secunia.com/product/3795/ DESCRIPTION: A vulnerability has...
yapig-php.txt
!/usr/bin/php ? / YaPiG 0.92b addcoment PHP Insertion Proof of Concept By aCiDBiTS acidbitshotmail.com 07-August-2004 Description: YaPiG http://yapig.sourceforge.net/ is a PHP Image Gallery script. This Proof of Concept creates a php file that echoes a notice. First it determines a valid photo...
[UNIX] YaPiG add_comment.php PHP Code Injection
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
YaPiG < 0.92.2 Multiple Scripts Arbitrary Command Execution
The remote host is running YaPiG, a web-based image gallery written in PHP. The remote version of YaPiG may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack of sanitization of user-supplied data. It is reported that an attacker may be ab...
YaPiG 0.92 - Remote Server-Side Script Execution
YaPiG 0.92 - Remote Server-Side Script Execution source: https://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack if sanitization of user-supplie...
YaPiG 0.92 - Remote Server-Side Script Execution
source: https://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack if sanitization of user-supplied data. It is reported that an attacker may be ab...