CVSS: 5.1EPSS: 9%CPEs: 1EXPL: 3CVE-2006-3676
https://notcve.org/view.php?id=CVE-2006-3676
admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types. admin/gallery_admin.php en planetGallery anterior a 14.07.2006 permite a atacantes remotos ejecutar código PHP de su elección a través de la actualización de archivos con una doble extensión y accedidos directamente en el directorio de imágenes, lo caul evita la validación de expresiones regulares para tipos seguros de archivos. • http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0434.html http://secunia.com/advisories/21099 http://securityreason.com/securityalert/1268 http://www.osvdb.org/27417 http://www.redteam-pentesting.de/advisories/rt-sa-2006-006.txt http://www.securityfocus.com/archive/1/440643/100/0/threaded http://www.securityfocus.com/bid/19091 https://exchange.xforce.ibmcloud.com/vulnerabilities/27858 •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2006-3553
https://notcve.org/view.php?id=CVE-2006-3553
PlaNet Concept planetNews allows remote attackers to bypass authentication and execute arbitrary code via a direct request to news/admin/planetnews.php. PlaNet Concept planetNews permite a atacantes remotos evitar la autenticació y ejecutar código de su elección medainte una petición directa de news/admin/planetnews.php. • http://securityreason.com/securityalert/1222 http://securitytracker.com/id?1016385 http://www.securityfocus.com/archive/1/438344/100/100/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/27419 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2006-2338
https://notcve.org/view.php?id=CVE-2006-2338
PlaNet Concept plaNetStat 20050127 allows remote attackers to gain administrative privileges, and view and configure log files, via a direct request to the (1) admin.php or (2) settings.php page. • http://securityreason.com/securityalert/874 http://www.securityfocus.com/archive/1/433372/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26436 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 2CVE-2006-2116 – PlanetGallery - 'Gallery_admin.php' Authentication Bypass
https://notcve.org/view.php?id=CVE-2006-2116
planetGallery allows remote attackers to gain administrator privileges via a direct request to admin/gallery_admin.php. • https://www.exploit-db.com/exploits/27784 http://securityreason.com/securityalert/825 http://www.planetc.de/download/planetgallery/planetgallery.html http://www.securityfocus.com/archive/1/432576/100/0/threaded http://www.securityfocus.com/bid/17753 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2006-1801 – PlanetSearch + - 'Planetsearchplus.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1801
Cross-site scripting (XSS) vulnerability in planetsearchplus.php in planetSearch+ allows remote attackers to inject arbitrary web script or HTML via the search_exp parameter. • https://www.exploit-db.com/exploits/27644 http://d4igoro.blogspot.com/2006/04/planetsearch-xss-vulnerabilities.html http://secunia.com/advisories/19681 http://www.securityfocus.com/archive/1/431033/100/0/threaded http://www.securityfocus.com/bid/17527 http://www.vupen.com/english/advisories/2006/1368 https://exchange.xforce.ibmcloud.com/vulnerabilities/25832 •