Summary
| Detail | |||
|---|---|---|---|
| Vendor | Zoph | First view | 2007-07-19 |
| Product | Zoph | Last view | 2014-12-03 |
| Version | 0.7 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:zoph:zoph | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2014-12-03 | CVE-2014-9236 | Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter. |
| 6.5 | 2014-12-03 | CVE-2014-9235 | Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/. |
| 4.3 | 2009-07-07 | CVE-2009-2343 | Cross-site scripting (XSS) vulnerability in people.php in Zoph before 0.7.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. |
| 7.5 | 2008-07-22 | CVE-2008-3258 | Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 7.5 | 2007-07-19 | CVE-2007-3905 | SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the _order parameter to (1) photos.php and (2) edit_photos.php. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (2) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 50% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 55554 | Zoph People Page Unspecified XSS |
| 47093 | Zoph Multiple Unspecified SQL Injection |
| 36288 | Zoph edit_photos.php _order Parameter SQL Injection |
| 36287 | Zoph photos.php _order Parameter SQL Injection |
OpenVAS Exploits
| id | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 1389-1 (zoph) File : nvt/deb_1389_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1389-2 (zoph) File : nvt/deb_1389_2.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2007-10-25 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1389.nasl - Type: ACT_GATHER_INFO |
