Show filters
44 Total Results
Displaying 21-30 of 44
Sort by:
Attacker Value
Unknown

CVE-2006-6937

Disclosure Date: January 17, 2007 (last updated October 04, 2023)
SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter.
0
0
Attacker Value
Unknown

CVE-2006-6936

Disclosure Date: January 17, 2007 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field. NOTE: vector 1 likely overlaps CVE-2006-3032.
0
0
Attacker Value
Unknown

CVE-2006-6370

Disclosure Date: December 07, 2006 (last updated October 04, 2023)
SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php.
0
0
Attacker Value
Unknown

CVE-2006-5598

Disclosure Date: October 28, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery 2.0, and possibly other versions before 2.0.3, allows remote attackers to inject arbitrary HTML or web script via the image parameter.
0
0
Attacker Value
Unknown

CVE-2006-5532

Disclosure Date: October 26, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter. NOTE: some of these details are obtained from third party information.
0
0
Attacker Value
Unknown

CVE-2006-5188

Disclosure Date: October 10, 2006 (last updated October 04, 2023)
Directory traversal vulnerability in download.php in webGENEius GOOP Gallery 2.0.2 allows remote attackers to read or list data from certain files or directories via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2006-5206

Disclosure Date: October 10, 2006 (last updated October 04, 2023)
SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.
0
0
Attacker Value
Unknown

CVE-2006-5205

Disclosure Date: October 10, 2006 (last updated October 04, 2023)
Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used.
0
0
Attacker Value
Unknown

CVE-2006-3032

Disclosure Date: June 15, 2006 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP Photo Gallery 1.05 and earlier, and possibly 2.0 (trial), allow remote attackers to inject arbitrary web script or HTML via the (1) catname and (2) total parameters in (a) displaypic.asp, and the (3) catname parameter in (b) displaythumbs.asp.
0
0
Attacker Value
Unknown

CVE-2006-2202

Disclosure Date: May 04, 2006 (last updated October 04, 2023)
SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter.
0
0
View More Topics  < Previous  Next >