CVE-2008-1273
- EPSS 0.2%
- Veröffentlicht 10.03.2008 23:44:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. NOTE: ...
- EPSS 3.7%
- Veröffentlicht 15.02.2006 11:06:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions.
- EPSS 9.15%
- Veröffentlicht 15.02.2006 11:06:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
readfolder.php in imageVue 16.1 allows remote attackers to list directories via modified path and ext parameters.
- EPSS 9.15%
- Veröffentlicht 15.02.2006 11:06:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the specific vulnerability type cannot be determined, ...
CVE-2006-0703
- EPSS 17.22%
- Veröffentlicht 15.02.2006 11:06:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parame...