Lucene search
K

99 matches found

CVE
CVE
added 2005/06/07 4:0 a.m.48 views

CVE-2005-1882

CVE-2005-1882 (YaPiG) — YaPiG is a PHP-based image gallery. The vulnerability is a PHP Remote File Inclusion in last_gallery.php that allows an attacker to execute arbitrary PHP code by supplying a crafted YAPIG_PATH parameter in YaPiG versions 0.93u and 0.94u. The linked OpenVAS/NVD entries corr...

7.5CVSS7.6AI score0.02609EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2005/06/07 4:0 a.m.25 views

CVE-2005-1882

PHP remote file inclusion vulnerability in lastgallery.php in YaPiG 0.93u and 0.94u allows remote attackers to execute arbitrary PHP code via the YAPIGPATH parameter...

7.6AI score0.02609EPSS
Exploits1References4
Cvelist
Cvelist
added 2005/06/07 4:0 a.m.30 views

CVE-2005-1881

upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code...

7.4AI score0.03429EPSS
Exploits1References4
securityvulns
securityvulns
added 2005/06/07 12:0 a.m.55 views

[SA15600] YaPiG Multiple Vulnerabilities

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

1.6AI score
Exploits0
NVD
NVD
added 2005/06/06 4:0 a.m.21 views

CVE-2005-1881

upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code...

7.5CVSS7.4AI score0.03429EPSS
Exploits1References4
NVD
NVD
added 2005/06/06 4:0 a.m.19 views

CVE-2005-1885

view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message...

5CVSS6.1AI score0.01548EPSS
Exploits1References4
exploitpack
exploitpack
added 2005/06/06 12:0 a.m.9 views

YaPiG 0.9x - LocalRemote File Inclusion

YaPiG 0.9x - LocalRemote File Inclusion source: https://www.securityfocus.com/bid/13874/info YaPiG is affected by remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2005/06/06 12:0 a.m.11 views

YaPiG 0.9x - view.php Cross-Site Scripting

YaPiG 0.9x - view.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13875/info YaPiG is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2005/06/06 12:0 a.m.19 views

YaPiG 0.9x - upload.php Directory Traversal

YaPiG 0.9x - upload.php Directory Traversal source: https://www.securityfocus.com/bid/13877/info YaPiG is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An authorized user can add and delete arbitrary...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2005/06/06 12:0 a.m.7 views

PT-2005-2838 · Yapig · Yapig

Name of the Vulnerable Software and Affected Versions: YaPiG versions 0.92b through 0.94u Description: The issue concerns the upload.php file in YaPiG, which does not properly restrict the file extension for uploaded image files. This allows remote attackers to upload arbitrary files and execute...

7.5CVSS7.4AI score0.03429EPSS
Exploits1References7
Exploit DB
Exploit DB
added 2005/06/06 12:0 a.m.54 views

YaPiG 0.9x - Local/Remote File Inclusion

source: https://www.securityfocus.com/bid/13874/info YaPiG is affected by remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary server-side script cod...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/06/06 12:0 a.m.62 views

YaPiG 0.9x - 'upload.php' Directory Traversal

source: https://www.securityfocus.com/bid/13877/info YaPiG is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An authorized user can add and delete arbitrary directories outside of the gallery directory by...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/06/06 12:0 a.m.31 views

YaPiG 0.9x - 'view.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13875/info YaPiG is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2004/10/18 12:0 a.m.533 views

[SA12858] YaPiG comments Cross-Site Scripting Vulnerability

TITLE: YaPiG comments Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA12858 VERIFY ADVISORY: http://secunia.com/advisories/12858/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: YaPiG 0.x http://secunia.com/product/3795/ DESCRIPTION: A vulnerability has...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2004/08/19 12:0 a.m.129 views

yapig-php.txt

!/usr/bin/php ? / YaPiG 0.92b addcoment PHP Insertion Proof of Concept By aCiDBiTS acidbitshotmail.com 07-August-2004 Description: YaPiG http://yapig.sourceforge.net/ is a PHP Image Gallery script. This Proof of Concept creates a php file that echoes a notice. First it determines a valid photo...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2004/08/19 12:0 a.m.1047 views

[UNIX] YaPiG add_comment.php PHP Code Injection

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/13 12:0 a.m.233 views

YaPiG < 0.92.2 Multiple Scripts Arbitrary Command Execution

The remote host is running YaPiG, a web-based image gallery written in PHP. The remote version of YaPiG may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack of sanitization of user-supplied data. It is reported that an attacker may be ab...

5.9AI score
Exploits0References1
exploitpack
exploitpack
added 2004/07/07 12:0 a.m.27 views

YaPiG 0.92 - Remote Server-Side Script Execution

YaPiG 0.92 - Remote Server-Side Script Execution source: https://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack if sanitization of user-supplie...

7.6AI score
Exploits0
Exploit DB
Exploit DB
added 2004/07/07 12:0 a.m.28 views

YaPiG 0.92 - Remote Server-Side Script Execution

source: https://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack if sanitization of user-supplied data. It is reported that an attacker may be ab...

7.4AI score
Exploits0
Rows per page
Query Builder