20 matches found
EUVD-2006-1995
Malware in sbrugna...
EUVD-2006-2002
Malware in sbrugna...
Scry Gallery Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17649/info Scry Gallery is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve...
Directory traversal
Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order...
CVE-2006-1996
Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message...
CVE-2006-2001
Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector...
Design/Logic Flaw
Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message...
CVE-2006-1995
Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order...
CVE-2006-2001
CVE-2006-2001 affects Scry Gallery 1.1, with a cross-site scripting (XSS) flaw in index.php exploitable via the p parameter. The vulnerability’s CVSS v2 vector (AV:N/AC:M/Au:N/C:N/I:P/A:N) yields a base score of 4.3 (Medium). Impact is limited to partial integrity risk; confidentiality and availa...
CVE-2006-1996
Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message...
CVE-2006-1995
Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order...
CVE-2006-1996
CVE-2006-1996 affects Scry Gallery 1.1, where an invalid p parameter causes an error message to reveal the server path, enabling information disclosure. The NVD entry and multiple sources consistently describe this as a remote information disclosure vulnerability with partial confidentiality impa...
CVE-2006-2001
Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector...
CVE-2006-1995
CVE-2006-1995 affects Scry Gallery 1.1. The vulnerability is a directory traversal in index.php, exploitable via the p parameter containing .. sequences. The root cause is improper sanitization due to an rtrim function call with arguments in the wrong order. Documents provided do not include spec...
Scry Gallery XSS Vulnerability
Software: Scry Gallery v1.1 WebSite: http://scry.org/ ISSUE: The software is prone to an XSS attack using the following proof of concept: http://anysiteusingscrygallery.com/Path to scry gallery/index.php?v=list&i=0&p=scriptvar20variable=111111111111111111;alertvariable;/script One can execute...
Scry Gallery 1.1 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/17668/info Scry Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser...
Scry Gallery 1.1 - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/17668/info Scry Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to...
Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilities
Software: Scry Gallery WebSite: http://scry.org/ discovered by: Moroccan Security Team + Directory Traversal: A remote attacker may employ directory traversal strings '../' to access arbitrary files outside of the webroot directory. This flaw is due to an input validation error in the "index.php...
Scry Gallery - Directory Traversal
source: https://www.securityfocus.com/bid/17649/info Scry Gallery is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable...
Scry Gallery - Directory Traversal
source: https://www.securityfocus.com/bid/17649/info Scry Gallery is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve...