Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4259

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-4259
Last Modified 05 Nov 2012 10:44:55
Published 08 Aug 2007 07:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4259

Summary

EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled.

Vulnerable Systems

Application

  • Ez Photo Sales 1.9.3


References

BUGTRAQ - 20070806 EZPhotoSales 1.9.3 Multiple Vulnerabilities

MISC - http://www.informit.com/guides/content.asp?g=security&seqNum=268

MISC - http://www.informit.com/guides/content.asp?g=security&seqNum=267

MISC - http://www.airscanner.com/security/07080601_ezphotosales.htm

BID - 25323

SREASON - 2985

SECUNIA - 26341

XF - ezphotosales-javascript-security-bypass(35832)


Last Updated: 27 May 2016 10:47:21