|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 128 CVE : CVE-2005-3432 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : Preben Nylokken Published : 30.10.2005
Advisory Content : The MG2 Image Gallery system has the ability to make create online galleries. Even password protected once. By manipulating url from a gallery, you are able to list out all pictures in every gallery. Even though they are inside a password protected folder. Sample manipulation could be: www.yoursite.com/mg2/index.php?list=*&page=all The "*" replaces the album number, showing every album. The "all" command is an option programmed in the system to view all pictures within a SINGLE gallery. Those two combined, will expose any password protected images. The system can be downloaded from: http://www.minigal.dk/ Please credit find to: Preben Nylokken  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |