Page 3 of 53 results (0.019 seconds)

CVSS: 4.3EPSS: 0%CPEs: 58EXPL: 0

Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery (CPG), antes de v1.5.12 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente de CVE-2010-4667 • http://forum.coppermine-gallery.net/index.php/topic%2C69495.0.html http://sourceforge.net/news/?group_id=89658 http://www.openwall.com/lists/oss-security/2011/06/08/2 http://www.openwall.com/lists/oss-security/2011/06/08/6 https://exchange.xforce.ibmcloud.com/vulnerabilities/68058 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 6%CPEs: 57EXPL: 5

Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php. Múltiples vulnerabilidades de de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery 1.5.10 y versiones anteriores. Permiten a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de los parámetros (1) h y (2) t de help.php, o el parámetro (3) picfile_XXX de searchnew.php. • https://www.exploit-db.com/exploits/35156 https://www.exploit-db.com/exploits/35157 http://secunia.com/advisories/42751 http://www.osvdb.org/70173 http://www.osvdb.org/70174 http://www.securityfocus.com/archive/1/515479/100/0/threaded http://www.securityfocus.com/bid/45600 http://www.waraxe.us/advisory-79.html https://exchange.xforce.ibmcloud.com/vulnerabilities/64344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504. Coppermine Photo Gallery (CPG) v1.4.14 no restringe el acceso a update.php, lo que permite a atacantes remotos obtener información sensible como el prefijo de la tabla de la base de datos a través de una petición directa. NOTA: esto podría ser aprovechado para ataques contra CVE-2008-0504. • http://www.securityfocus.com/archive/1/487351/100/200/threaded http://www.securitytracker.com/id?1019285 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-66.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message. Coppermine Photo Gallery (CPG) v1.4.14, permite a atacantes remoto obtener información sensible a través de una petición directa a include/slideshow.inc.php, filtrando el directorio de instalación en un mensaje de error. • http://www.securityfocus.com/archive/1/487351/100/200/threaded http://www.securitytracker.com/id?1019285 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-66.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el fichero docs/showdoc.php de Coppermine Photo Gallery (CPG), antes de la versión 1.4.22 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través del parámetro css. Se trata de un vector diferente que CVE-2008-0505. • https://www.exploit-db.com/exploits/32963 http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html http://osvdb.org/54145 http://secunia.com/advisories/34961 http://www.securityfocus.com/bid/34782 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •