Page 8 of 50 results (0.012 seconds)

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0

Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. • http://secunia.com/advisories/20211 http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=418266 http://www.vupen.com/english/advisories/2006/1892 https://exchange.xforce.ibmcloud.com/vulnerabilities/26588 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 2

Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences. • https://www.exploit-db.com/exploits/27669 http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html http://secunia.com/advisories/19665 http://www.securityfocus.com/archive/1/431062 http://www.securityfocus.com/archive/1/431118/30/0/threaded http://www.securityfocus.com/bid/17570 http://www.vupen.com/english/advisories/2006/1392 https://exchange.xforce.ibmcloud.com/vulnerabilities/25866 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 3

Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter. • http://coppermine-gallery.net/forum/index.php?topic=28062.0 http://retrogod.altervista.org/cpg_143_adv.html http://retrogod.altervista.org/cpg_143_incl_xpl.html http://secunia.com/advisories/18941 http://securitytracker.com/id?1015646 http://www.securityfocus.com/archive/1/425387 http://www.securityfocus.com/bid/16718 http://www.vupen.com/english/advisories/2006/0669 https://exchange.xforce.ibmcloud.com/vulnerabilities/24814 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 2

Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames. • http://coppermine-gallery.net/forum/index.php?topic=28062.0 http://retrogod.altervista.org/cpg_143_adv.html http://secunia.com/advisories/18941 http://securitytracker.com/id?1015646 http://www.securityfocus.com/archive/1/425387 http://www.securityfocus.com/bid/16718 http://www.vupen.com/english/advisories/2006/0669 https://exchange.xforce.ibmcloud.com/vulnerabilities/24816 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. relocate_server.php en Coppermine Photo Gallery (CPG) 1.4.2 y 1.4 beta no se elimina después de la instalación y no usa autenticación, lo que permite a atacantes remotos obtener información sensible, como la configuración de la base de datos, a través de una petición directa. • http://coppermine-gallery.net/forum/index.php?topic=24217.0 http://secunia.com/advisories/17855 http://www.vupen.com/english/advisories/2005/2698 • CWE-287: Improper Authentication •