CVE-2008-3511 – Softbiz Image Gallery - 'adminhome.php?msg' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-3511
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/32174 https://www.exploit-db.com/exploits/32176 https://www.exploit-db.com/exploits/32178 https://www.exploit-db.com/exploits/32175 https://www.exploit-db.com/exploits/32177 https://www.exploit-db.com/exploits/32171 https://www.exploit-db.com/exploits/32173 https://www.exploit-db.com/exploits/32170 https://www.exploit-db.com/exploits/32172 http://www.securityfocus.com/bid/30546 http://www.securityfocus.com/bid/30546/exploit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-1659 – SoftBiz Image Gallery - 'images.php?cid' SQL Injection
https://notcve.org/view.php?id=CVE-2006-1659
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php. • https://www.exploit-db.com/exploits/27546 https://www.exploit-db.com/exploits/27545 https://www.exploit-db.com/exploits/27542 https://www.exploit-db.com/exploits/27544 https://www.exploit-db.com/exploits/27543 http://secunia.com/advisories/19523 http://www.osvdb.org/24368 http://www.osvdb.org/24369 http://www.osvdb.org/24370 http://www.osvdb.org/24371 http://www.osvdb.org/24372 http://www.securityfocus.com/archive/1/429763/100/0/threaded http:/ •
CVE-2006-1660
https://notcve.org/view.php?id=CVE-2006-1660
Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. • http://secunia.com/advisories/19523 http://www.vupen.com/english/advisories/2006/1217 •