5 matches found
CVE-2014-7860
The web/webfile/fbpublish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target albumid and accesstoken...
CVE-2014-7860
The CVE-2014-7860 issue affects D-Link DNS-320L (pre-1.04b12) and DNS-327L (pre-1.03b04 Build0119). The web/web_file/fb_publish.php script fails to authenticate requests, enabling remote attackers to obtain arbitrary photos and publish them to a Facebook profile using a target album_id and access...
Directory traversal
Directory traversal vulnerability in index.php in iFoto 1.0.1 and earlier allows remote attackers to list arbitrary directories, and possibly download arbitrary photos, via a .. dot dot in the dir parameter...
CVE-2007-4092
Directory traversal vulnerability in index.php in iFoto 1.0.1 and earlier allows remote attackers to list arbitrary directories, and possibly download arbitrary photos, via a .. dot dot in the dir parameter...
IMGallery <= 2.5 Create Uploader Script Exploit
Exploit for unknown platform in category web applications =============================================== IMGallery DEVIL TEAM IRC:...