11 matches found
EUVD-2006-6170
Malware in sbrugna...
EUVD-2006-6171
Malware in sbrugna...
Click Gallery Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/21311/info Click Gallery is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied data...
CVE-2006-6188
Cross-site scripting XSS vulnerability in viewsearch.asp in ClickTech Click Gallery allows remote attackers to inject arbitrary web script or HTML via the txtKeyWord parameter. NOTE: some of these details are obtained from third party information...
CVE-2006-6187
Multiple SQL injection vulnerabilities in ClickTech Click Gallery allow remote attackers to execute arbitrary SQL commands via the 1 currentpage or 2 galleryid parameter to a viewgallery.asp, the 3 imageid parameter to b downloadimage.asp, the currentpage or 5 orderby parameter to c gallery.asp, ...
CVE-2006-6187
CVE-2006-6187 involves multiple SQL injection vulnerabilities in ClickTech Click Gallery. The affected components are the web-facing scripts: view_gallery.asp (parameters: currentpage, gallery_id), download_image.asp (parameter: image_id), gallery.asp (parameter: orderby), and view_recent.asp (pa...
CVE-2006-6188
CVE-2006-6188 is a Cross-site Scripting (XSS) vulnerability in ClickTech Click Gallery (view_search.asp) that can be exploited via the txtKeyWord parameter to inject arbitrary script/HTML. Affected: ClickTech Click Gallery; vulnerable component: view_search.asp. Root cause: improper neutralizatio...
CVE-2006-6188
Cross-site scripting XSS vulnerability in viewsearch.asp in ClickTech Click Gallery allows remote attackers to inject arbitrary web script or HTML via the txtKeyWord parameter. NOTE: some of these details are obtained from third party information...
CVE-2006-6187
Multiple SQL injection vulnerabilities in ClickTech Click Gallery allow remote attackers to execute arbitrary SQL commands via the 1 currentpage or 2 galleryid parameter to a viewgallery.asp, the 3 imageid parameter to b downloadimage.asp, the currentpage or 5 orderby parameter to c gallery.asp, ...
aria-clickgal.txt
Aria-Security Team Advisory ----------------------------------------------------------- Software: Click Gallery Method: SQL Injection And XSS Vendor:ClickGallery.net PoC: http://target/viewgallery.asp?galleryid=809¤tpage=SQL Injection http://target/viewgallery.asp?galleryid=SQL injection...
Click Gallery - Multiple Input Validation Vulnerabilities
Click Gallery - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/21311/info Click Gallery is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because the application fails to sufficiently saniti...