Lucene search
K

12 matches found

CVE
CVE
added 2026/04/01 12:0 a.m.15 views

CVE-2026-30289

Tinybeans Private Family Album App v5.9.5-prod is affected by an arbitrary file overwrite vulnerability via the file import process. Multiple connected sources (Red Hat CVE, ENISA EUVD, NVD/NVD mirrors, CNNVD, CVE list) describe that attackers could overwrite critical internal files, potentially ...

8.4CVSS6.4AI score0.00205EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-2327

Malware in sbrugna...

8.8CVSS8.8AI score0.01208EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-2326

Malware in sbrugna...

7.5CVSS7.8AI score0.02472EPSS
Exploits1References4
Huntr
Huntr
added 2021/07/22 4:41 a.m.8 views

Improper Privilege Management in opensource-socialnetwork/opensource-socialnetwork

💥 BUG unprivileged user can like to private album . 💥 IMPACT user who does not have permiison in private album still can comment in that album. 💥 STEP TO RERPODUCE There is two user called user-A and user-B.\ 1. First goto user-A account and create a private album . \ Lets album url is...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/07/22 4:39 a.m.6 views

Improper Privilege Management in opensource-socialnetwork/opensource-socialnetwork

💥 BUG unprivileged user can comment to private album . 💥 IMPACT user who does not have permiison in private album still can comment in that album. 💥 STEP TO RERPODUCE There is two user called user-A and user-B.\ 1. First goto user-A account and create a private album . \ Lets album url is...

0.7AI score
Exploits0
CNVD
CNVD
added 2017/07/03 12:0 a.m.4 views

Piwigo Cross-Site Request Forgery Vulnerability

Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time, and more. A cross-site request forgery vulnerability exists in Piwigo 2.9.1 and earlier versions. A remote attacker can exploit th...

8.8CVSS6.9AI score0.01208EPSS
Exploits1References1
OSV
OSV
added 2017/06/29 9:29 p.m.17 views

CVE-2017-10680

Cross-site request forgery CSRF vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request...

8.8CVSS7.3AI score
Exploits0References3
OSV
OSV
added 2017/06/29 9:29 p.m.14 views

CVE-2017-10679

Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed...

7.5CVSS6.4AI score
Exploits0References3
Prion
Prion
added 2017/06/29 9:29 p.m.17 views

Design/Logic Flaw

Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed...

5CVSS7.3AI score0.02472EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2017/06/29 9:0 p.m.18 views

CVE-2017-10680

Cross-site request forgery CSRF vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request...

9.2AI score0.01208EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2008/01/24 12:0 a.m.25 views

cpg1414-sql.txt

table prefix\n"; print " - hostname\n"; print " - web dirname \n"; print " - force mode - '0' - for Off or "album number" for force mode On \n"; print " table prefix - prefix of sql tables\n"; print " example: " . $argv0 . " coppermine.site photo/ 1 cpg1410\n"; credits; / FUNCTIONS / if...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2008/01/23 12:0 a.m.13 views

Coppermine Photo Gallery <= 1.4.14 Remote SQL Injection Exploit

No description provided by source. ?php RST/GHC PRIVATE CPG 1.4.10 sql injection exploit Date: 17.05.07 bug: SQL injection in private album function through array indexes with COOKIE errorreporting EERROR; iniset"maxexecutiontime",0; intro; if $argc 4 print " Usage: " . $argv0 . " host dir force...

7.1AI score
Exploits0
Rows per page
Query Builder