Archive for the ‘Image Galleries’ Category

zenphoto Ajax File Manager Code Injection

December 1st, 2011

Application: zenphoto
Affected Version: version 1.4.1.4 and prior versions.
Vendor’s URL: Ajax File Manager
Bug Type: Code Injection
Risk Level: Critical

Solution:
Update to version 1.4.1.5 or later.

Image Galleries, Remote Command Execution

Ayco Resim Galeri “catid” SQL Injection

September 30th, 2011

Application: Ayco Resim Galeri
Affected Version:
Vendor’s URL: Ayco Resim Galeri
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Image Galleries, SQL Injection

PHP Album Multiple Vulnerabilities

April 27th, 2011

Application: PHP Album
Affected Version: version 0.4.1.14.fix06 and other versions.
Vendor’s URL: PHP Album
Bug Type: Cross Site Scripting and system access
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised. Do not browse untrusted sites or follow untrusted links while logged in to the application.

Access Bypass, Cross Site Scripting, Image Galleries

TFT Gallery “adminlangfile” Local File Inclusion

November 25th, 2010

Application: TFT Gallery
Affected Version: version 0.13.1
Vendor’s URL: TFT Gallery
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, Image Galleries

GaleriaSHQIP “album_id” SQLi

September 30th, 2010

Application: GaleriaSHQIP
Affected Version: version 1.0 and other versions.
Vendor’s URL: GaleriaSHQIP
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Image Galleries, SQL Injection

Coppermine Photo Gallery Multiple Vulnerabilities

May 22nd, 2009

Application: Coppermine Photo Gallery
Affected Version: version 1.4.22 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection and System access
Risk Level: Critical

Solution:
Set “magic_quotes_gpc” to “On” and “register_globals” to “Off”.

Access Bypass, Image Galleries, SQL Injection

Coppermine Photo Gallery CSRF

March 27th, 2009

Application: Coppermine
Affected Version: version 1.4.20 and 1.4.21 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.4.21, which protects from exploitation via bbcode tags. Do not visit untrusted web sites while logged on to the application.

Cross Site Scripting, Image Galleries

Coppermine Photo Gallery Variable Overwrite Vulnerability

February 20th, 2009

Application: Coppermine
Affected Version: version 1.4.19 and other versions.
Vendor’s URL: Photo Gallery
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 1.4.20.

Access Bypass, Image Galleries

Gallery Cookie Handling Security Bypass

December 24th, 2008

Application: Gallery
Affected Version: Gallery 1.x versions 1.5.8-svn-b34 and later
Vendor’s URL: Gallery
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 1.5.10.

Access Bypass, Image Galleries

Coppermine Photo Gallery “lang” Local File Inclusion

August 25th, 2008

Application: Coppermine
Affected Version: version 1.4.18 and other versions.
Vendor’s URL: Photo Gallery
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.4.19.

File Inclusion, Image Galleries

Gallery Multiple Vulnerabilities

August 25th, 2008

Application: Gallery
Affected Version: prior to 1.5.8
Vendor’s URL: Gallery
Bug Type: Security Bypass, Cross Site Scripting
Risk Level:

Solution:
Update to version 1.5.8.

Access Bypass, Cross Site Scripting, Image Galleries

Zoph Multiple SQLi

August 25th, 2008

Application: Zoph
Affected Version: prior to 0.7.0.5.
Vendor’s URL: Zoph
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 0.7.0.5.

Image Galleries, SQL Injection

Gallery XSS and Security Bypass

June 23rd, 2008

Application: Gallery
Affected Version: all 2.x versions before 2.2.5
Vendor’s URL: http://gallery.menalto.com/
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Medium

Solution:
Update to version 2.2.5. Remove password protection from any non-album items.

Access Bypass, Cross Site Scripting, Image Galleries

PHP Image Gallery XSS

June 23rd, 2008

Application: PHP Image Gallery
Affected Version:
Vendor’s URL: PHP Image Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Cross Site Scripting, Image Galleries

Galleristic “cat” SQL Injection

May 21st, 2008

Application: Galleristic
Affected Version: version 1.0 and other versions.
Vendor’s URL: Galleristic
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Image Galleries, SQL Injection

Simple Gallery XSS

April 18th, 2008

Application: Simple Gallery
Affected Version: 2.2 and other versions.
Vendor’s URL: Simple Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Cross Site Scripting, Image Galleries

PHP Photo Gallery SQL Injection

April 18th, 2008

Application: PHP Photo Gallery
Affected Version:
Vendor’s URL: PHP Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Image Galleries, SQL Injection

Gallery Script Lite Information Disclosure

April 18th, 2008

Application: Gallery Script Lite
Affected Version:
Vendor’s URL: Gallery Script Lite
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Image Galleries, Information Disclosure

KwsPHP ConcoursPhoto Module SQL Injection

April 18th, 2008

Application: KwsPHP ConcoursPhoto Module
Affected Version: 2.0 and prior versions.
Vendor’s URL: KwsPHP ConcoursPhoto Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.1.

Image Galleries, SQL Injection

Coppermine Photo Gallery SQL Injection

April 18th, 2008

Application: Coppermine Photo Gallery
Affected Version: 1.4.16 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.4.17.

Image Galleries, SQL Injection