RSS   Vulnerabilities for 'Yamamah'   RSS

2011-09-23
 
CVE-2011-3823

CWE-200
 

 
Yamamah 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/index.php and certain other files.

 
2010-06-18
 
CVE-2010-2336

CWE-200
 

 
index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter.

 
 
CVE-2010-2335

CWE-89
 

 
SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter.

 
 
CVE-2010-2334

CWE-22
 

 
Directory traversal vulnerability in themes/default/download.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter.

 
2010-04-07
 
CVE-2010-1300

CWE-89
 

 
SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Album) 1.00 allows remote attackers to execute arbitrary SQL commands via the calbums parameter.

 


Copyright 2022, cxsecurity.com

 

Back to Top