134 matches found
CVE-2026-25869
MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...
CVE-2026-25868
MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...
CVE-2026-25868
MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...
CVE-2026-25869
MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...
CVE-2026-25869 MiniGal Nano <= 0.3.5 Path Traversal via dir Parameter
MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...
CVE-2026-25869
CVE-2026-25869 – MiniGal Nano ≤ 0.3.5 implements a path traversal in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to block traversal by removing dot-dot sequences, but crafted directory patterns can bypass this protection. An ...
CVE-2026-25869 MiniGal Nano <= 0.3.5 Path Traversal via dir Parameter
MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...
CVE-2026-25868 MiniGal Nano <= 0.3.5 Reflected XSS via dir Parameter
MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...
CVE-2026-25868 MiniGal Nano <= 0.3.5 Reflected XSS via dir Parameter
MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...
CVE-2026-25868
MiniGal Nano
CVE-2026-25868
MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...
PT-2026-7616
MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...
CVE-2025-59898 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...
CVE-2025-58095
Cisco Talos reports multiple reflected XSS vulnerabilities in MedDream PACS Premium 7.3.6.870, all tied to the config.php functionality and specifically the imagedir parameter among others. The TALOS-2025-2271 disclosure (which maps to CVE-2025-58095) notes that carefully crafted URLs can trigger...
CVE-2003-1146
Cross-site scripting XSS vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter...
CVE-2025-60337
Tenda AC6 V2.0 15.03.06.50 was discovered to contain a buffer overflow in the speeddir parameter in the SetSpeedWan function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
EUVD-2003-1136
Malware in sbrugna...
EUVD-2007-2249
Malware in sbrugna...
EUVD-2005-2436
Malware in sbrugna...
EUVD-2007-1141
Malware in sbrugna...