CVSS: 6.8EPSS: 1%CPEs: 90EXPL: 1CVE-2008-3555 – Wsn (Multiple Products) - Local File Inclusion / Code Execution
https://notcve.org/view.php?id=CVE-2008-3555
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences. Una vulnerabilidad de salto de directorio en el archivo index.php en (1) WSN Forum versión 4.1.43 y anteriores, (2) Gallery versión 4.1.30 y anteriores, (3) Knowledge Base (WSNKB) versión 4.1.36 y anteriores, (4) Links versión 4.1.44 y anteriores, y posiblemente (5) Classifieds anterior a versión 4.1.30, permite a los atacantes remotos incluir y ejecutar archivos locales arbitrarios por medio de un .. (punto punto) en el parámetro TID, como es demostrado mediante la carga de un archivo .jpg que contiene secuencias de PHP. • https://www.exploit-db.com/exploits/6208 http://secunia.com/advisories/31392 http://securityreason.com/securityalert/4120 https://exchange.xforce.ibmcloud.com/vulnerabilities/44236 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 31EXPL: 1CVE-2008-3486 – Coppermine Photo Gallery 1.4.18 - Local File Inclusion / Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-3486
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie. Vulnerabilidad de salto de directorio en la función user_get_profile de include/functions.inc.php en Coppermine Photo Gallery (CPG) 1.4.18 y versiones anteriores, cuando el conjunto de caracteres es utf-8, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de .. (punto punto) en la parte lang de series de datos en una cookie an_data. • https://www.exploit-db.com/exploits/6178 http://secunia.com/advisories/31295 http://securityreason.com/securityalert/4108 http://www.securityfocus.com/bid/30480 https://exchange.xforce.ibmcloud.com/vulnerabilities/44133 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 1CVE-2008-3481 – Coppermine Photo Gallery 1.4.18 - Local File Inclusion / Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-3481
themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. themes/sample/theme.php en Coppermine Photo Gallery (CPG) 1.4.18 y versiones anteriores que permite a los atacantes remotos obtener información sensible a través de peticiones directas, que revelan la ruta de instalación en un mensaje de error. • https://www.exploit-db.com/exploits/6178 http://securityreason.com/securityalert/4108 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2008-2723
https://notcve.org/view.php?id=CVE-2008-2723
embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address." embed.php de Menalto Gallery versiones anteriores a 2.2.5 permite a atacantes remotos obtener la ruta completa a través de vectores no conocidos relacionados a "suplantación de dirección remota". • http://gallery.menalto.com/gallery_2.2.5_released http://secunia.com/advisories/30650 http://secunia.com/advisories/30826 http://www.securityfocus.com/bid/29681 https://exchange.xforce.ibmcloud.com/vulnerabilities/43028 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2008-2722
https://notcve.org/view.php?id=CVE-2008-2722
Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive. Menalto Gallery anterior a 2.2.5, permite a atacantes remotos evitar permisos para sub-albums a través de un archivo ZIP. • http://gallery.menalto.com/gallery_2.2.5_released http://secunia.com/advisories/30650 http://secunia.com/advisories/30826 http://www.securityfocus.com/bid/29681 https://exchange.xforce.ibmcloud.com/vulnerabilities/43027 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html • CWE-264: Permissions, Privileges, and Access Controls •