CVSS: 4.3EPSS: 0%CPEs: 58EXPL: 0CVE-2011-2476
https://notcve.org/view.php?id=CVE-2011-2476
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery (CPG), antes de v1.5.12 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente de CVE-2010-4667 • http://forum.coppermine-gallery.net/index.php/topic%2C69495.0.html http://sourceforge.net/news/?group_id=89658 http://www.openwall.com/lists/oss-security/2011/06/08/2 http://www.openwall.com/lists/oss-security/2011/06/08/6 https://exchange.xforce.ibmcloud.com/vulnerabilities/68058 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 6%CPEs: 57EXPL: 5CVE-2010-4693 – Coppermine Photo Gallery 1.5.10 - 'help.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4693
Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php. Múltiples vulnerabilidades de de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery 1.5.10 y versiones anteriores. Permiten a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de los parámetros (1) h y (2) t de help.php, o el parámetro (3) picfile_XXX de searchnew.php. • https://www.exploit-db.com/exploits/35156 https://www.exploit-db.com/exploits/35157 http://secunia.com/advisories/42751 http://www.osvdb.org/70173 http://www.osvdb.org/70174 http://www.securityfocus.com/archive/1/515479/100/0/threaded http://www.securityfocus.com/bid/45600 http://www.waraxe.us/advisory-79.html https://exchange.xforce.ibmcloud.com/vulnerabilities/64344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2008-7186
https://notcve.org/view.php?id=CVE-2008-7186
Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504. Coppermine Photo Gallery (CPG) v1.4.14 no restringe el acceso a update.php, lo que permite a atacantes remotos obtener información sensible como el prefijo de la tabla de la base de datos a través de una petición directa. NOTA: esto podría ser aprovechado para ataques contra CVE-2008-0504. • http://www.securityfocus.com/archive/1/487351/100/200/threaded http://www.securitytracker.com/id?1019285 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-66.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2008-7187
https://notcve.org/view.php?id=CVE-2008-7187
Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message. Coppermine Photo Gallery (CPG) v1.4.14, permite a atacantes remoto obtener información sensible a través de una petición directa a include/slideshow.inc.php, filtrando el directorio de instalación en un mensaje de error. • http://www.securityfocus.com/archive/1/487351/100/200/threaded http://www.securitytracker.com/id?1019285 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-66.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 31EXPL: 1CVE-2008-3486 – Coppermine Photo Gallery 1.4.18 - Local File Inclusion / Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-3486
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie. Vulnerabilidad de salto de directorio en la función user_get_profile de include/functions.inc.php en Coppermine Photo Gallery (CPG) 1.4.18 y versiones anteriores, cuando el conjunto de caracteres es utf-8, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de .. (punto punto) en la parte lang de series de datos en una cookie an_data. • https://www.exploit-db.com/exploits/6178 http://secunia.com/advisories/31295 http://securityreason.com/securityalert/4108 http://www.securityfocus.com/bid/30480 https://exchange.xforce.ibmcloud.com/vulnerabilities/44133 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •