CVSS: 5.0EPSS: 0%CPEs: 61EXPL: 10CVE-2012-1614 – coppermine 1.5.18 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-1614
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message. Coppermine Photo Gallery anterior a v1.5.20 permite a atacantes remotos obtener información sensible a través de (1) una solicitud directa plugins/visiblehookpoints/index.php, una página no válida (2) o (3) los parámetros gato thumbnails.php, un inválido (4) la página de parámetros para usermgr.php, o un inválido (5) newer_than o (6) parámetro older_than a search.inc.php, lo que revela la ruta de instalación en un mensaje de error. • https://www.exploit-db.com/exploits/18680 http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354 http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html http://osvdb.org/80732 http://osvdb.org/80733 http://osvdb.org/80734 http://osvdb.org/80735 http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html http • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 58EXPL: 0CVE-2011-2476
https://notcve.org/view.php?id=CVE-2011-2476
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery (CPG), antes de v1.5.12 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente de CVE-2010-4667 • http://forum.coppermine-gallery.net/index.php/topic%2C69495.0.html http://sourceforge.net/news/?group_id=89658 http://www.openwall.com/lists/oss-security/2011/06/08/2 http://www.openwall.com/lists/oss-security/2011/06/08/6 https://exchange.xforce.ibmcloud.com/vulnerabilities/68058 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 0CVE-2010-4667
https://notcve.org/view.php?id=CVE-2010-4667
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery (CPG), antes de v1.4.27 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=347287 http://forum.coppermine-gallery.net/index.php/topic%2C65023.msg322935.html http://www.openwall.com/lists/oss-security/2011/06/08/2 http://www.openwall.com/lists/oss-security/2011/06/08/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 6%CPEs: 57EXPL: 5CVE-2010-4693 – Coppermine Photo Gallery 1.5.10 - 'help.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4693
Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php. Múltiples vulnerabilidades de de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery 1.5.10 y versiones anteriores. Permiten a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de los parámetros (1) h y (2) t de help.php, o el parámetro (3) picfile_XXX de searchnew.php. • https://www.exploit-db.com/exploits/35156 https://www.exploit-db.com/exploits/35157 http://secunia.com/advisories/42751 http://www.osvdb.org/70173 http://www.osvdb.org/70174 http://www.securityfocus.com/archive/1/515479/100/0/threaded http://www.securityfocus.com/bid/45600 http://www.waraxe.us/advisory-79.html https://exchange.xforce.ibmcloud.com/vulnerabilities/64344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 31EXPL: 1CVE-2008-3486 – Coppermine Photo Gallery 1.4.18 - Local File Inclusion / Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-3486
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie. Vulnerabilidad de salto de directorio en la función user_get_profile de include/functions.inc.php en Coppermine Photo Gallery (CPG) 1.4.18 y versiones anteriores, cuando el conjunto de caracteres es utf-8, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de .. (punto punto) en la parte lang de series de datos en una cookie an_data. • https://www.exploit-db.com/exploits/6178 http://secunia.com/advisories/31295 http://securityreason.com/securityalert/4108 http://www.securityfocus.com/bid/30480 https://exchange.xforce.ibmcloud.com/vulnerabilities/44133 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •