Published: 10/05/2006 Updated: 08/03/2011

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 690

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows remote malicious users to inject arbitrary web script or HTML via the pfad parameter in (1) index.php and (2) galerie.php. NOTE: this issue might be resultant from directory traversal.

Vulnerable Product	Search on Vulmon	Subscribe to Product
timobraun dynamic galerie 1.0

source: wwwsecurityfocuscom/bid/17896/info Dynamic Galerie is prone to a directory-traversal vulnerability and a cross-site scripting vulnerability These issues are due to a failure in the application to properly sanitize user-supplied input An attacker can exploit these vulnerabilities to retrieve arbitrary files from the vulnera ...

source: wwwsecurityfocuscom/bid/17896/info Dynamic Galerie is prone to a directory-traversal vulnerability and a cross-site scripting vulnerability These issues are due to a failure in the application to properly sanitize user-supplied input An attacker can exploit these vulnerabilities to retrieve arbitrary files from the vulne ...

NVD-CWE-Other http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html http://www.securityfocus.com/bid/17896 http://secunia.com/advisories/19995 http://www.osvdb.org/25443 http://www.osvdb.org/25444 http://www.vupen.com/english/advisories/2006/1699 https://nvd.nist.gov https://www.exploit-db.com/exploits/27840/

CVE-2006-2294

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect