Summary
Detail | | | |
---|---|---|---|
Vendor | Zoph | First view | 2007-07-19 |
Product | Zoph | Last view | 2014-12-03 |
Version | 0.7 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:zoph:zoph | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
4.3 | 2014-12-03 | CVE-2014-9236 | Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter. |
6.5 | 2014-12-03 | CVE-2014-9235 | Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/. |
4.3 | 2009-07-07 | CVE-2009-2343 | Cross-site scripting (XSS) vulnerability in people.php in Zoph before 0.7.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. |
7.5 | 2008-07-22 | CVE-2008-3258 | Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
7.5 | 2007-07-19 | CVE-2007-3905 | SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the _order parameter to (1) photos.php and (2) edit_photos.php. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (2) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
50% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
55554 | Zoph People Page Unspecified XSS |
47093 | Zoph Multiple Unspecified SQL Injection |
36288 | Zoph edit_photos.php _order Parameter SQL Injection |
36287 | Zoph photos.php _order Parameter SQL Injection |
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 1389-1 (zoph) File : nvt/deb_1389_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1389-2 (zoph) File : nvt/deb_1389_2.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-10-25 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1389.nasl - Type: ACT_GATHER_INFO |