15 matches found
EUVD-2006-0707
Malware in sbrugna...
EUVD-2006-0709
Malware in sbrugna...
CVE-2006-0702
admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the specific vulnerability type cannot be determined, although it might be due to directory traversal...
Cross site scripting
Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter...
CVE-2006-0700
imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions...
CVE-2006-0701
readfolder.php in imageVue 16.1 allows remote attackers to list directories via modified path and ext parameters...
CVE-2006-0703
Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter...
Directory traversal
admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the specific vulnerability type cannot be determined, although it might be due to directory traversal...
Design/Logic Flaw
imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions...
Design/Logic Flaw
readfolder.php in imageVue 16.1 allows remote attackers to list directories via modified path and ext parameters...
CVE-2006-0703
Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter...
CVE-2006-0700
The CVE-2006-0700 entry concerns imageVue 16.1, where a remote attacker can retrieve folder permission settings by directly requesting dir.php, which returns an XML listing folders and their permissions. Affected component: dir.php handler in imageVue 16.1 (XML response reveals folder permissions...
CVE-2006-0702
The provided connected Nessus entry confirms a concrete vulnerability in imageVue: versions prior to 16.2 allow unauthenticated remote upload of arbitrary files via admin/upload.php, effectively enabling code execution under the web server’s user context. The issue is described as an unrestricted...
CVE-2006-0702
admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the specific vulnerability type cannot be determined, although it might be due to directory traversal...
CVE-2006-0700
imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions...