Vulnerabilities > CVE-2005-2736 - Unspecified vulnerability in Yapig
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN yapig
nessus
Summary
Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Nessus
| NASL family | CGI abuses |
| NASL id | YAPIG_EXIF_XSS.NASL |
| description | The remote host is running YaPiG, a web-based image gallery written in PHP. According to its banner, the version of YaPiG installed on the remote host is prone to arbitrary PHP code injection and cross-site scripting attacks. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 19515 |
| published | 2005-08-27 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/19515 |
| title | YaPiG <= 0.9.5b Multiple Vulnerabilities |
References
- http://cedri.cc/advisories/EXIF_XSS.txt
- http://cedri.cc/advisories/EXIF_XSS.txt
- http://marc.info/?l=bugtraq&m=112511025414488&w=2
- http://marc.info/?l=bugtraq&m=112511025414488&w=2
- http://secunia.com/advisories/16596/
- http://secunia.com/advisories/16596/
- http://securitytracker.com/id?1014802
- http://securitytracker.com/id?1014802
- http://www.securityfocus.com/bid/14670
- http://www.securityfocus.com/bid/14670
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22020
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22020