CVE-2007-4977 – Coppermine Photo Gallery 1.4.12 - 'referer' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-4977
Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mode.php de Coppermine Photo Gallery (CPG) 1.4.12 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro referer. • https://www.exploit-db.com/exploits/30594 http://coppermine-gallery.net/forum/index.php?topic=46847.0 http://osvdb.org/37100 http://secunia.com/advisories/26843 http://securityreason.com/securityalert/3152 http://www.securityfocus.com/archive/1/479757/100/0/threaded http://www.securityfocus.com/bid/25698 http://www.securitytracker.com/id?1018704 http://www.vupen.com/english/advisories/2007/3194 https://exchange.xforce.ibmcloud.com/vulnerabilities/36659 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-4283 – Coppermine Photo Gallery 1.3/1.4 - 'YABBSE.INC.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-4283
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter. Vulnerabilidad de inclusión remota de archivo en PHP en bridge/yabbse.inc.php de Coppermine Photo Gallery (CPG) 1.3.1 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro sourcedir. • https://www.exploit-db.com/exploits/30463 http://osvdb.org/38710 http://securityreason.com/securityalert/2989 http://www.securityfocus.com/archive/1/475866/100/0/threaded http://www.securityfocus.com/archive/1/476015/100/0/threaded http://www.securityfocus.com/bid/25243 https://exchange.xforce.ibmcloud.com/vulnerabilities/35884 •
CVE-2007-3558 – Coppermine Photo Gallery 1.4.10 - 'xpl.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3558
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. Vulnerabilidad de inyección SQL en Coppermine Photo Gallery (CPG) anterior a 1.4.11 permite a atacantes remotos ejecutar comandos SQL de su elección mediante una cookie de contraseña de álbum para un componente no especificado. • https://www.exploit-db.com/exploits/3085 http://coppermine-gallery.net/forum/index.php?topic=44845.0 http://secunia.com/advisories/25846 http://www.securityfocus.com/bid/24710 •
CVE-2007-1414
https://notcve.org/view.php?id=CVE-2007-1414
Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php. Múltiples vulnerabilidades de inclusión remota de archivo en PHP en Coppermine Photo Gallery (CPG) permiten a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro (1) cmd de (a) image_processor.php or (b) picmgmt.inc.php, o el parámetro (2) path de (c)include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, o (f) pluginmgr.php. • http://securityreason.com/securityalert/2416 http://www.osvdb.org/35065 http://www.osvdb.org/35066 http://www.osvdb.org/35067 http://www.osvdb.org/35068 http://www.osvdb.org/35069 http://www.osvdb.org/35070 http://www.securityfocus.com/archive/1/462322/100/0/threaded http://www.securityfocus.com/archive/1/463532/100/0/threaded http://www.securityfocus.com/bid/22896 https://exchange.xforce.ibmcloud.com/vulnerabilities/32894 •
CVE-2007-1107 – Coppermine Photo Gallery 1.3.x - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2007-1107
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies. Vulnerabilidad de inyección SQL en thumbnails.php en Coppermine Photo Gallery (CPG) 1.3.x permite a usuarios autenticados remotos ejecutar comandos SQL de su elección mediante una cookie cpg131_fav. • https://www.exploit-db.com/exploits/3371 http://osvdb.org/33133 http://securityreason.com/securityalert/2297 http://www.securityfocus.com/archive/1/461158/100/0/threaded http://www.securityfocus.com/bid/22709 http://www.securityfocus.com/bid/27372 https://exchange.xforce.ibmcloud.com/vulnerabilities/32688 https://exchange.xforce.ibmcloud.com/vulnerabilities/39806 https://www.exploit-db.com/exploits/4950 https://www.exploit-db.com/exploits/4961 •