CVE-2006-0872
https://notcve.org/view.php?id=CVE-2006-0872
Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter. • http://coppermine-gallery.net/forum/index.php?topic=28062.0 http://retrogod.altervista.org/cpg_143_adv.html http://retrogod.altervista.org/cpg_143_incl_xpl.html http://secunia.com/advisories/18941 http://securitytracker.com/id?1015646 http://www.securityfocus.com/archive/1/425387 http://www.securityfocus.com/bid/16718 http://www.vupen.com/english/advisories/2006/0669 https://exchange.xforce.ibmcloud.com/vulnerabilities/24814 •
CVE-2006-0873
https://notcve.org/view.php?id=CVE-2006-0873
Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames. • http://coppermine-gallery.net/forum/index.php?topic=28062.0 http://retrogod.altervista.org/cpg_143_adv.html http://secunia.com/advisories/18941 http://securitytracker.com/id?1015646 http://www.securityfocus.com/archive/1/425387 http://www.securityfocus.com/bid/16718 http://www.vupen.com/english/advisories/2006/0669 https://exchange.xforce.ibmcloud.com/vulnerabilities/24816 •
CVE-2005-3979
https://notcve.org/view.php?id=CVE-2005-3979
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. relocate_server.php en Coppermine Photo Gallery (CPG) 1.4.2 y 1.4 beta no se elimina después de la instalación y no usa autenticación, lo que permite a atacantes remotos obtener información sensible, como la configuración de la base de datos, a través de una petición directa. • http://coppermine-gallery.net/forum/index.php?topic=24217.0 http://secunia.com/advisories/17855 http://www.vupen.com/english/advisories/2005/2698 • CWE-287: Improper Authentication •
CVE-2005-2676
https://notcve.org/view.php?id=CVE-2005-2676
Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data. • http://coppermine-gallery.net/forum/index.php?topic=20933.0 http://secunia.com/advisories/16499 http://securitytracker.com/id?1014799 http://www.securityfocus.com/bid/14625 •
CVE-2005-1225
https://notcve.org/view.php?id=CVE-2005-1225
SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php. • http://marc.info/?l=bugtraq&m=111402186304179&w=2 http://secunia.com/advisories/15004 http://www.waraxe.us/advisory-42.html https://exchange.xforce.ibmcloud.com/vulnerabilities/20205 •