Show filters
67 Total Results
Displaying 41-50 of 67
Sort by:
Attacker Value
Unknown

CVE-2007-0122

Disclosure Date: January 09, 2007 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
0
0
Attacker Value
Unknown

CVE-2006-6354

Disclosure Date: December 07, 2006 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976.
0
0
Attacker Value
Unknown

CVE-2006-6247

Disclosure Date: December 04, 2006 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery 1.1 allow remote attackers to execute arbitrary SQL commands via the ci parameter to (1) slideshow.asp or (2) thumbnails.asp.
0
0
Attacker Value
Unknown

CVE-2006-6273

Disclosure Date: December 04, 2006 (last updated October 04, 2023)
sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid dir parameter, which reveals the path in an error message.
0
0
Attacker Value
Unknown

CVE-2006-6272

Disclosure Date: December 04, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
0
0
Attacker Value
Unknown

CVE-2006-3476

Disclosure Date: July 10, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
0
0
Attacker Value
Unknown

CVE-2006-2514

Disclosure Date: May 22, 2006 (last updated October 04, 2023)
Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
0
0
Attacker Value
Unknown

CVE-2006-2001

Disclosure Date: April 25, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector.
0
0
Attacker Value
Unknown

CVE-2006-1995

Disclosure Date: April 25, 2006 (last updated October 04, 2023)
Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order.
0
0
Attacker Value
Unknown

CVE-2006-1996

Disclosure Date: April 25, 2006 (last updated October 04, 2023)
Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message.
0
0
View More Topics  < Previous  Next >