20 matches found
EUVD-2006-2002
Malware in sbrugna...
EUVD-2006-1995
Malware in sbrugna...
Scry Gallery Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17649/info Scry Gallery is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve...
CVE-2006-1996
Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message...
CVE-2006-1995
Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order...
Design/Logic Flaw
Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message...
CVE-2006-2001
Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector...
Directory traversal
Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order...
CVE-2006-1995
Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order...
CVE-2006-2001
CVE-2006-2001 affects Scry Gallery 1.1, with a cross-site scripting (XSS) flaw in index.php exploitable via the p parameter. The vulnerability’s CVSS v2 vector (AV:N/AC:M/Au:N/C:N/I:P/A:N) yields a base score of 4.3 (Medium). Impact is limited to partial integrity risk; confidentiality and availa...
CVE-2006-1996
CVE-2006-1996 affects Scry Gallery 1.1, where an invalid p parameter causes an error message to reveal the server path, enabling information disclosure. The NVD entry and multiple sources consistently describe this as a remote information disclosure vulnerability with partial confidentiality impa...
CVE-2006-1996
Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message...
CVE-2006-1995
CVE-2006-1995 affects Scry Gallery 1.1. The vulnerability is a directory traversal in index.php, exploitable via the p parameter containing .. sequences. The root cause is improper sanitization due to an rtrim function call with arguments in the wrong order. Documents provided do not include spec...
CVE-2006-2001
Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector...
Scry Gallery 1.1 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/17668/info Scry Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser...
Scry Gallery XSS Vulnerability
Software : Scry Gallery v1.1 WebSite :http://scry.org/ ISSUE : The software is prone to an XSS attack using the following proof of concept : http://anysiteusingscrygallery.com/Path to scry gallery/index.php?v=list&i=0&p=scriptvar20variable=111111111111111111;alertvariable;/script One can execute...
Scry Gallery 1.1 - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/17668/info Scry Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to...
Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilities
Software : Scry Gallery WebSite :http://scry.org/ discovered by :Moroccan Security Team + Directory Traversal : A remote attacker may employ directory traversal strings '../' to access arbitrary files outside of the webroot directory. This flaw is due to an input validation error in the "index.php...
Scry Gallery - Directory Traversal
source: https://www.securityfocus.com/bid/17649/info Scry Gallery is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable...
Scry Gallery - Directory Traversal
source: https://www.securityfocus.com/bid/17649/info Scry Gallery is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve...