11 matches found
CVE-2005-1881
upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code...
CVE-2005-1886
Cross-site scripting XSS vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via 1 the phid parameter or 2 unknown parameters when posting a new comment...
CVE-2005-1884
Directory traversal vulnerability in the 1 rmdir or 2 mkdir commands in upload.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to create or delete arbitrary directories via a .. dot dot in the dir parameter...
EUVD-2005-1886
Malware in sbrugna...
EUVD-2005-1885
Malware in sbrugna...
Yapig 0.9x Thanks_comment.PHP Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19709/info Yapig is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. This may let an attacker steal cookie-based authentication credentials and launch other attacks...
CVE-2005-2736
Cross-site scripting XSS vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag...
YaPiG 0.9x - view.php Cross-Site Scripting
YaPiG 0.9x - view.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13875/info YaPiG is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
[SA12858] YaPiG comments Cross-Site Scripting Vulnerability
TITLE: YaPiG comments Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA12858 VERIFY ADVISORY: http://secunia.com/advisories/12858/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: YaPiG 0.x http://secunia.com/product/3795/ DESCRIPTION: A vulnerability has...
YaPiG 0.92 - Remote Server-Side Script Execution
YaPiG 0.92 - Remote Server-Side Script Execution source: https://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack if sanitization of user-supplie...
YaPiG 0.92 - Remote Server-Side Script Execution
source: https://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack if sanitization of user-supplied data. It is reported that an attacker may be ab...