27 matches found
EUVD-2006-2399
Malware in sbrugna...
EUVD-2006-6231
Malware in sbrugna...
EUVD-2006-2398
Malware in sbrugna...
Gphotos 1.4/1.5 diapo.php rep Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17967/info Gphotos is prone to multiple input-validation vulnerabilities. The issues include information-disclosure and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properl...
Gphotos 1.4/1.5 index.php rep Variable Traversal Arbitrary Directory Listing
No description provided by source...
Gphotos 1.4/1.5 index.php rep Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17967/info Gphotos is prone to multiple input-validation vulnerabilities. The issues include information-disclosure and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properl...
Gphotos 1.4/1.5 affich.php image Parameter XSS
No description provided by source...
CVE-2006-6248
index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message...
CVE-2006-6248
index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message...
CVE-2006-6248
GPhotos 1.5 contains a vulnerability in index.php where the invalid rep parameter can trigger an error message that reveals the full filesystem path. This CVE (CVE-2006-6248) is documented with a remote information disclosure impact (confidentiality) and a network attack vector, but no concrete r...
CVE-2006-6248
index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message...
gphotos.txt
Details The first vulnerability issue is due to an input validation error in "index.php" "diapo.php" and "affich.php" scripts that do not validate "rep","image" variables, which may be exploited to cross site scripting attacks. http://traget/index.php?rep=xss http://traget/diapo.php?rep=xss...
Directory traversal
Directory traversal vulnerability in index.php in GPhotos 1.5 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the rep parameter...
CVE-2006-2397
Multiple cross-site scripting XSS vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 rep parameter to a index.php or b diapo.php or 2 image parameter to c affich.php. NOTE: item 1a might be resultant from directory traversal...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 rep parameter to a index.php or b diapo.php or 2 image parameter to c affich.php. NOTE: item 1a might be resultant from directory traversal...
CVE-2006-2398
Directory traversal vulnerability in index.php in GPhotos 1.5 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the rep parameter...
CVE-2006-2398
Directory traversal vulnerability in index.php in GPhotos 1.5 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the rep parameter...
CVE-2006-2397
CVE-2006-2397 affects GPhotos 1.5 and earlier, with XSS vulnerabilities that allow remote attackers to inject arbitrary scripts or HTML via the rep parameter to index.php or diapo.php, or via the image parameter to affich.php. A note suggests item 1a could arise from directory traversal. The conn...
CVE-2006-2397
Multiple cross-site scripting XSS vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 rep parameter to a index.php or b diapo.php or 2 image parameter to c affich.php. NOTE: item 1a might be resultant from directory traversal...
CVE-2006-2398
CVE-2006-2398 affects GPhotos (1.5 and earlier). A directory traversal flaw in index.php allows remote attackers to read arbitrary files using .. in the rep parameter. From NVD, CVSSv2 base score 5.0 (MEDIUM): Attack vector NETWORK, access complexity LOW, authentication NONE, confidentiality impa...