31 matches found
EUVD-2006-2463
Malware in sbrugna...
EUVD-2006-2910
Malware in sbrugna...
EUVD-2006-2721
Malware in sbrugna...
EUVD-2006-2909
Malware in sbrugna...
CVE-2006-2463
viewalbum.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter...
SelectaPix Image Gallery 1.4.1 Cross Site Scripting
Vulnerability ID: HTB22964 Reference: http://www.htbridge.ch/advisory/xssinselectapiximagegallery.html Product: SelectaPix Image Gallery Vendor: http://www.outofthetrees.co.uk/ Vulnerable Version: 1.4.1 Vendor Notification: 19 April 2011 Vulnerability Type: XSS Cro...
SelectaPix Image Gallery 1.4.1 Cross Site Request Forgery
Vulnerability ID: HTB22963 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinselectapiximagegallery.html Product: SelectaPix Image Gallery Vendor: http://www.outofthetrees.co.uk/ Vulnerable Version: 1.4.1 Vendor Notification: 19 April 2011...
HTB22963: CSRF (Cross-Site Request Forgery) in SelectaPix Image Gallery
Vulnerability ID: HTB22963 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinselectapiximagegallery.html Product: SelectaPix Image Gallery Vendor: http://www.outofthetrees.co.uk/ Vulnerable Version: 1.4.1 Vendor Notification: 19 April 2011...
SelectaPix 1.4.1 - uploadername Cross-Site Scripting
SelectaPix 1.4.1 - uploadername Cross-Site Scripting source: https://www.securityfocus.com/bid/47701/info SelectaPix is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code ...
HTB22964: XSS in SelectaPix Image Gallery
Vulnerability ID: HTB22964 Reference: http://www.htbridge.ch/advisory/xssinselectapiximagegallery.html Product: SelectaPix Image Gallery Vendor: http://www.outofthetrees.co.uk/ Vulnerable Version: 1.4.1 Vendor Notification: 19 April 2011 Vulnerability Type: XSS Cro...
SelectaPix 1.4.1 - 'uploadername' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47701/info SelectaPix is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...
Cross-site Request Forgery (CSRF) Vulnerabilities in SelectaPix Image Gallery
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SelectaPix Image Gallery which could be exploited to perform cross-site request forgery attacks. 1) Cross-site request forgery (CSRF) vulnerabilities in SelectaPix Image Gallery 1.1 The vulnerability exists due to...
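SelectaPix Remote SQL Injection Vulnerability
BUGTRAQ ID: 18349 CVECAN ID: CVE-2006-2912 SelectaPix is a web-based image management tool. SelectaPix does not properly and sufficiently filter user-supplied parameters, so remote attackers can exploit this vulnerability to perform unauthorized operations on the database. Multiple SelectaPix scripts do not sufficiently filter user-supplied parameter data, so remote attackers can gain unauthorized access to the database by inserting specific SQL commands into the input data. Out of the Trees SelectaPix 1.31 Out of the Trees ---------------- The vendor has fixed this security issue in the latest version of the software; please download it from the vendor's homepage:...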
SQL injection
Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) viewalbum.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php...
CVE-2006-2913
Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) viewalbum.php...
CVE-2006-2912
Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) viewalbum.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) viewalbum.php...
CVE-2006-2912
Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) viewalbum.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php...
CVE-2006-2913
CVE-2006-2913 describes a cross-site scripting (XSS) vulnerability in SelectaPix 1.31, exploitable via the albumID parameter to popup.php and view_album.php. The issue allows remote attackers to inject arbitrary web script or HTML. Documents confirm the affected component and vulnerable endpoints...
CVE-2006-2913
Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) viewalbum.php...