CVE-2007-5888
https://notcve.org/view.php?id=CVE-2007-5888
Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en displayecard.php de Coppermine Photo Gallery (CPG) anterior a 1.4.14 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro data. • http://coppermine-gallery.net/forum/index.php?topic=48106.0 http://osvdb.org/38420 http://secunia.com/advisories/27534 http://www.securityfocus.com/bid/26357 https://exchange.xforce.ibmcloud.com/vulnerabilities/38290 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-4976 – Coppermine Photo Gallery 1.4.12 - 'log' Local File Inclusion
https://notcve.org/view.php?id=CVE-2007-4976
Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter. Vulnerabilidad de salto de directorio en viewlog.php de Coppermine Photo Gallery (CPG) 1.4.12 y anteriores permite a administradores remotos autenticados incluir y ejecutar ficheros locales mediante secuencias .. (punto punto) en el parámetro log. • https://www.exploit-db.com/exploits/30595 http://coppermine-gallery.net/forum/index.php?topic=46847.0 http://osvdb.org/37101 http://secunia.com/advisories/26843 http://securityreason.com/securityalert/3152 http://www.securityfocus.com/archive/1/479757/100/0/threaded http://www.securityfocus.com/bid/25698 http://www.securitytracker.com/id?1018704 http://www.vupen.com/english/advisories/2007/3194 https://exchange.xforce.ibmcloud.com/vulnerabilities/36660 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2007-4977 – Coppermine Photo Gallery 1.4.12 - 'referer' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-4977
Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mode.php de Coppermine Photo Gallery (CPG) 1.4.12 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro referer. • https://www.exploit-db.com/exploits/30594 http://coppermine-gallery.net/forum/index.php?topic=46847.0 http://osvdb.org/37100 http://secunia.com/advisories/26843 http://securityreason.com/securityalert/3152 http://www.securityfocus.com/archive/1/479757/100/0/threaded http://www.securityfocus.com/bid/25698 http://www.securitytracker.com/id?1018704 http://www.vupen.com/english/advisories/2007/3194 https://exchange.xforce.ibmcloud.com/vulnerabilities/36659 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-4283 – Coppermine Photo Gallery 1.3/1.4 - 'YABBSE.INC.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-4283
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter. Vulnerabilidad de inclusión remota de archivo en PHP en bridge/yabbse.inc.php de Coppermine Photo Gallery (CPG) 1.3.1 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro sourcedir. • https://www.exploit-db.com/exploits/30463 http://osvdb.org/38710 http://securityreason.com/securityalert/2989 http://www.securityfocus.com/archive/1/475866/100/0/threaded http://www.securityfocus.com/archive/1/476015/100/0/threaded http://www.securityfocus.com/bid/25243 https://exchange.xforce.ibmcloud.com/vulnerabilities/35884 •
CVE-2007-3558 – Coppermine Photo Gallery 1.4.10 - 'xpl.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3558
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. Vulnerabilidad de inyección SQL en Coppermine Photo Gallery (CPG) anterior a 1.4.11 permite a atacantes remotos ejecutar comandos SQL de su elección mediante una cookie de contraseña de álbum para un componente no especificado. • https://www.exploit-db.com/exploits/3085 http://coppermine-gallery.net/forum/index.php?topic=44845.0 http://secunia.com/advisories/25846 http://www.securityfocus.com/bid/24710 •