Vulnerabilities > CVE-2006-3036 - Unspecified vulnerability in Andy Mack 35Mmslidegallery 6.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN andy-mack
exploit available
Summary
Multiple cross-site scripting (XSS) vulnerabilities in 35mmslidegallery 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) imgdir parameter in (a) index.php, and the (2) w, (3) h, and (4) t parameters in (b) popup.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description Andy Mack 35mm Slide Gallery 6.0 popup.php Multiple Parameter XSS. CVE-2006-3036. Webapps exploit for php platform id EDB-ID:28021 last seen 2016-02-03 modified 2006-06-13 published 2006-06-13 reporter black-cod3 source https://www.exploit-db.com/download/28021/ title Andy Mack 35mm Slide Gallery 6.0 popup.php Multiple Parameter XSS description Andy Mack 35mm Slide Gallery 6.0 index.php imgdir Parameter XSS. CVE-2006-3036. Webapps exploit for php platform id EDB-ID:28020 last seen 2016-02-03 modified 2006-06-13 published 2006-06-13 reporter black-cod3 source https://www.exploit-db.com/download/28020/ title Andy Mack 35mm Slide Gallery 6.0 index.php imgdir Parameter XSS
References
- http://secunia.com/advisories/20652
- http://secunia.com/advisories/20652
- http://securityreason.com/securityalert/1100
- http://securityreason.com/securityalert/1100
- http://www.osvdb.org/26507
- http://www.osvdb.org/26507
- http://www.osvdb.org/26508
- http://www.osvdb.org/26508
- http://www.securityfocus.com/archive/1/436959/100/0/threaded
- http://www.securityfocus.com/archive/1/436959/100/0/threaded
- http://www.securityfocus.com/bid/18414
- http://www.securityfocus.com/bid/18414
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27127
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27127