108 matches found
[SA19801] PhpWebGallery "picture.php" Disclosure of Arbitrary Pictures
TITLE: PhpWebGallery "picture.php" Disclosure of Arbitrary Pictures SECUNIA ADVISORY ID: SA19801 VERIFY ADVISORY: http://secunia.com/advisories/19801/ CRITICAL: Less critical IMPACT: Security Bypass, Exposure of sensitive information WHERE: From remote SOFTWARE: PhpWebGallery 1.x...
PHPWebGallery Multiple Cross Site Scripting Vulnerabilities
Title : PHPWebGallery Multiple Cross Site Scripting Vulnerabilities Author: Mourad aka Psych0 root at linuxmail org Moroccan Security Team Vendor: www.phpwebgallery.net Software: PHPWebGallery Version: 1.4.1 category.php and picture.php scripts are vulnerable to XSS attacks. Exploits:...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) showmetadata, and (6) start parameters to (b) picture.php, a different...
CVE-2006-1674
Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675...
CVE-2006-1675
Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) showmetadata, and (6) start parameters to (b) picture.php, a different...
CVE-2006-1675
PHPWebGallery 1.4.1 contains cross-site scripting (XSS) vulnerabilities tracked as CVE-2006-1675. The flaws permit remote attackers to inject arbitrary web script or HTML by supplying crafted values for (1) cat, (2) num, and (3) search parameters to category.php, and (4) slideshow, (5) show_metad...
CVE-2006-1674
Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675...
CVE-2006-1675
Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) showmetadata, and (6) start parameters to (b) picture.php, a different...
CVE-2006-1674
CVE-2006-1674 affects PHPWebGallery 1.4.1, with a Cross-site Scripting (XSS) flaw in search.php where the id parameter can inject arbitrary script/HTML. The Red Hat advisory confirms the same vulnerability but does not provide patch details in the excerpt; other connected records reiterate the is...
PHPWebGallery 1.4.1 - 'picture.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/17421/info PHPWebGallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed...
PHPWebGallery 1.4.1 - category.php Cross-Site Scripting
PHPWebGallery 1.4.1 - category.php Cross-Site Scripting source: https://www.securityfocus.com/bid/17421/info PHPWebGallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...
PHPWebGallery 1.4.1 - picture.php Cross-Site Scripting
PHPWebGallery 1.4.1 - picture.php Cross-Site Scripting source: https://www.securityfocus.com/bid/17421/info PHPWebGallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...
Phpwebgallery <= 1.4.1 SQL injection Vulnerability
Moroccan Security Team |ucif3r Greetz To All Friend Phpwebgallery 1.4.1 is vulnerable to SQL Injection Attacks The flaw is due to input validation errors in the "category.php" script when handling the "search" variables, which could be exploited by malicious people to conduct SQL injection attacks...
CVE-2006-1600
SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter...
Sql injection
SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter...
CVE-2006-1600
The CVE-2006-1600 entry describes an SQL injection in PhpWebGallery 1.4.1 affecting category.php via the search parameter, enabling remote command execution. The underlying root cause is unsafe handling/concatenation of input in a SQL query (per the description). The NVD metrics indicate a high s...
CVE-2006-1600
SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter...
CVE-2005-4228
Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sortby, and (3) itemsnumber parameters to comments.php, (4) the search parameter to category.php, and (5) imageid parameter to picture.php. NOTE: it was...
CVE-2005-4228
Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sortby, and (3) itemsnumber parameters to comments.php, (4) the search parameter to category.php, and (5) imageid parameter to picture.php. NOTE: it was...
PHPWebGallery 1.3.41.5.1 - category.php SQL Injection
PHPWebGallery 1.3.41.5.1 - category.php SQL Injection source: https://www.securityfocus.com/bid/15837/info PhpWebGallery is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit...