108 matches found
CVE-2008-3451
PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile...
CVE-2008-3451
PhpWebGallery 1.7.0 and 1.7.1 are affected by CVE-2008-3451. Remote authenticated users with advisor privileges can obtain real e-mail addresses of other users by editing the target user’s profile. The NVD records a CVSS2 base score of 4.0 (Medium) with network attack vector and low complexity, h...
Cross site scripting
Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGallery 1.7.0, when Comments for all is enabled, allows remote attackers to inject arbitrary web script or HTML via the author parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
CVE-2007-5012
Affected software: PhpWebGallery 1.7.0. Vulnerable component: picture.php. Issue: cross-site scripting (XSS) via the author parameter when Comments for all is enabled. Impact: remote attackers can inject arbitrary web script or HTML. Root cause details are not deeper than the description provided...
CVE-2007-5012
Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGallery 1.7.0, when Comments for all is enabled, allows remote attackers to inject arbitrary web script or HTML via the author parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
CVE-2007-1109
Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different...
CVE-2007-1109
CVE-2007-1109 describes multiple cross-site scripting (XSS) vulnerabilities in PhpwebGallery 1.4.1. The published description identifies vectors in Register.php (fields: login, mail_address) and in Search.php (fields: search_author, mode, start_year, end_year, date_type). A related entry (CVE-200...
CVE-2007-1109
Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different...
Phpwebgallery-1.4.1, Multiple Cross Site Scripting
Phpwebgallery-1.4.1 - Multiple Cross Site Scripting. Vendor: http://www.phpwebgallery.net/ Risk: Low. Register.php - login and mailaddress fields are vulnerable to XSS attacks. Search.php - searchauthor, mode, startyear, endyear,...
CVE-2006-3476
Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter...
CVE-2006-3476
CVE-2006-3476 affects PhpWebGallery prior to or including 1.5.2 (and possibly 1.6.0). The vulnerability is an XSS in comments.php where the keyword parameter can be controlled by an attacker and reflected into the page, allowing remote execution of arbitrary web script or HTML in a victim’s brows...
CVE-2006-3476
Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter...
phpwebgallery152.txt
Produce : PhpWebGallery = 1.5.2 Site : http://www.phpwebgallery.net Problem : XSS Greetz : hasnaa and all friends Moroccan Security Research Team Vulnerable file : comments.php Exploit : http://localhost/phpwebgallery/comments.php?keyword=%22%3EXSS...
PHPWebGallery 1.x - comments.php Cross-Site Scripting
PHPWebGallery 1.x - comments.php Cross-Site Scripting source: https://www.securityfocus.com/bid/18798/info PhpWebGallery is prone to a cross-site scripting vulnerability because it fails to sanitize input before displaying it to users of the application. An attacker may leverage this issue to hav...
PHPWebGallery 1.x - 'comments.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/18798/info PhpWebGallery is prone to a cross-site scripting vulnerability because it fails to sanitize input before displaying it to users of the application. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...
Information disclosure
PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
CVE-2006-2041
PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
CVE-2006-2041
CVE-2006-2041 affects PhpWebGallery versions prior to 1.6.0RC1. The flaw allows remote attackers to obtain arbitrary pictures by issuing a request to picture.php without the required cat parameter. The underlying impact is a partial disclosure of data (information exposure) as reflected in the CV...
CVE-2006-2041
PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...