26 matches found
EUVD-2004-2736
Malware in sbrugna...
EUVD-2006-6920
Malware in sbrugna...
EUVD-2006-3029
Malware in sbrugna...
EUVD-2006-6919
Malware in sbrugna...
Xtreme ASP Photo Gallery 2.0 displaypic.asp catname Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21138/info Xtreme ASP Photo Gallery is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues and an HTML-injection issue because the application fails to properly...
Xtreme ASP Photo Gallery 2.0 displaypic.asp sortorder Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21138/info Xtreme ASP Photo Gallery is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues and an HTML-injection issue because the application fails to properly...
CVE-2004-2746
SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the 1 username and 2 password parameters...
CVE-2004-2746
CVE-2004-2746 : The connected Nessus/NASL entry confirms a SQL injection in XTreme ASP Photo Gallery 2.0, specifically in adminlogin.asp via the (1) username and (2) password parameters. This flaw allows remote attackers to inject arbitrary SQL commands, and the NASL text notes that this may be u...
CVE-2006-6936
Cross-site scripting XSS vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via 1 the catname parameter to displaypic.asp or 2 the search field. NOTE: vector 1 likely overlaps CVE-2006-3032...
CVE-2006-6937
SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter...
CVE-2006-6937
SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter...
CVE-2006-6936
The CVE-2006-6936 entry describes a cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery. The vulnerability is triggered by user-supplied input in two vectors: (1) the catname parameter to displaypic.asp and (2) the search field, enabling remote attackers to inject arbitrary HTML/...
CVE-2006-6936
Cross-site scripting XSS vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via 1 the catname parameter to displaypic.asp or 2 the search field. NOTE: vector 1 likely overlaps CVE-2006-3032...
CVE-2006-6937
CVE-2006-6937 describes an SQL injection in displaypic.asp of Xtreme ASP Photo Gallery, exploitable via the sortorder parameter. The vulnerability arises in the web application component/display logic, allowing remote attackers to inject arbitrary SQL commands. NVD lists a base score of 7.5 (HIGH...
xtremeg.txt
Aria-Security Team Advisory Original Advisory : http://aria-security.net/advisory/xtremeg.txt ----------------------------------------------------------- Software: Xtreme ASP Photo Gallery Method : Cross Site Scripting And SQL Injection PoC:...
Xtreme ASP Photo Gallery 2.0 - displaypic.asp?sortorder SQL Injection
Xtreme ASP Photo Gallery 2.0 - displaypic.asp?sortorder SQL Injection source: https://www.securityfocus.com/bid/21138/info Xtreme ASP Photo Gallery is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues and an HTML-injection issue because th...
Xtreme ASP Photo Gallery 2.0 - 'displaypic.asp?sortorder' SQL Injection
source: https://www.securityfocus.com/bid/21138/info Xtreme ASP Photo Gallery is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues and an HTML-injection issue because the application fails to properly sanitize user-supplied input. Successf...
Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection
Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian Original Advisory : http://aria-security.net/advisory/xtremeg.txt ----------------------------------------------------------- Software: Xtreme ASP Photo Gallery Method : Cross Site Scripting And SQL...
Xtreme ASP Photo Gallery 2.0 - 'displaypic.asp?catname' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21138/info Xtreme ASP Photo Gallery is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues and an HTML-injection issue because the application fails to properly sanitize user-supplied input. Successf...
CVE-2006-3032
Multiple cross-site scripting XSS vulnerabilities in Xtreme ASP Photo Gallery 1.05 and earlier, and possibly 2.0 trial, allow remote attackers to inject arbitrary web script or HTML via the 1 catname and 2 total parameters in a displaypic.asp, and the 3 catname parameter in b displaythumbs.asp...