Searching photo software vulnerabilities

Buffer overflow in IrfanView32 3.07 and earlier

IrfanView32 | overflow | Buffer |

Buffer overflow in IrfanView32 3.07 and earlier allows attackers to execute arbitrary commands via a long string after the "8BPS" image type in a Photo Shop image header.


Directory traversal vulnerability in update.dpg

vulnerability | updatedpgs | Directory | traversal | Gallery | System | Photo | Duma |

Directory traversal vulnerability in update.dpgs in Duma Photo Gallery System (DPGS) 0.99.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the id parameter.


isadmin.php in PhpWebGallery 1.0 allows remote

administrative | PhpWebGallery | photo_login | isadminphp | attackers | setting | allows | cookie | pseudo | remote | access | gain | via |

isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain administrative access via by setting the photo_login cookie to pseudo.


Cross-site scripting (XSS) vulnerability in Joh

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.


SQL injection vulnerability in showphoto.php in

vulnerability | showphotophp | unauthorized | attackers | PhotoPost | injection | variable | earlier | access | remote | allows | photo | gain | SQL | via | Pro | PHP |

SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable.


Invision Power Board 1.3 Final allows remote at

installation | information | sensitive | attackers | "Personal | selecting | displays | Invision | message | Photo" | allows | remote | image | which | error | Power | Final | Board | file | path | gain | not |

Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for "Personal Photo" that is not an image file, which displays the installation path in an error message.


Coppermine Photo Gallery 1.3.2 stores passwords

Coppermine | Gallery | Photo |

Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information.


Buffer overflow in the TIFF library in the Phot

attackers | firmware | overflow | service | crafted | library | remote | denial | Buffer | allows | Viewer | Photo | image | cause | TIFF | Sony | PSP | via |

Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2.0 firmware allows remote attackers to cause a denial of service via a crafted TIFF image.


Multiple SQL injection vulnerabilities in photo

vulnerabilities | photogalleryphp | PHP-Fusion | arbitrary | attackers | injection | commands | Multiple | execute | remote | allow | via | SQL |

Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusion allow remote attackers to execute arbitrary SQL commands via the (1) album and (2) photo parameters.


SQL injection vulnerability in portfolio_photo_

portfolio_photo_popupphp | vulnerability | injection | Instant | Gallery | Verosky | Photo | Media | SQL |

SQL injection vulnerability in portfolio_photo_popup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the count_click function in includes/functions/fns_std.php. NOTE: this issue could produce resultant XSS.


Unspecified vulnerability in usermgr.php in Cop

vulnerability | Unspecified | Coppermine | usermgrphp | Gallery | before | Photo |

Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.


SQL injection vulnerability in Room.php in Fran

vulnerability | Photo-Gallery | attackers | arbitrary | Francisco | parameter | injection | commands | execute | Roomphp | Charrua | allows | remote | SQL | via |

SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.


Directory traversal vulnerability in getimg.php

vulnerability | parameter | attackers | arbitrary | Directory | traversal | getimgphp | remote | allows | Photo | files | Album | Sans | read | Nom | img | via |

Directory traversal vulnerability in getimg.php in Album Photo Sans Nom 1.6 allows remote attackers to read arbitrary files via the img parameter.


SQL injection vulnerability in picmgr.php in Co

vulnerability | Coppermine | picmgrphp | injection | Gallery | Photo | SQL |

SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter.


Multiple SQL injection vulnerabilities in Photo

vulnerabilities | Organizer | injection | Multiple | Photo | SQL |

Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.


SQL injection vulnerability in displaypic.asp i

vulnerability | displaypicasp | attackers | arbitrary | sortorder | parameter | injection | commands | Gallery | inject | Xtreme | allows | remote | Photo | SQL | ASP | via |

SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter.


SQL injection vulnerability in thumbnails.php i

vulnerability | thumbnailsphp | Coppermine | injection | Gallery | Photo | SQL |

SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie.


SQL injection vulnerability in viewcomments.php

viewcommentsphp | vulnerability | ScriptMagix | arbitrary | attackers | injection | parameter | commands | execute | earlier | Rating | allows | remote | Photo | phid | SQL | via |

SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter.


SQL injection vulnerability in default.asp in A

ActiveWebSoftwares | vulnerability | defaultasp | attackers | arbitrary | injection | parameter | commands | execute | Gallery | Active | allows | remote | catid | Photo | SQL | via |

SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter.


SQL injection vulnerability in directory.php in

vulnerability | directoryphp | Directory | attackers | arbitrary | parameter | injection | commands | Prozilla | execute | action | cat_id | allows | remote | Adult | list | SQL | via |

SQL injection vulnerability in directory.php in Prozilla Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. NOTE: the original report indicated that this was the "photo" SourceForge project (aka Maan Bsat Photo Collection), but that was incorrect.


Software vulnerabilities results 1 to 20 of 88     
Page: 12345