IDCVSSSummaryLast (major) updatePublished
CVE-2007-4437 6.8
SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third party information.
29-07-2017 - 01:32 20-08-2007 - 22:17
CVE-2007-4438 6.8
Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors.
29-07-2017 - 01:32 20-08-2007 - 22:17
CVE-2006-5668 7.5
Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access.
20-07-2017 - 01:33 03-11-2006 - 01:07
CVE-2008-3929 7.2
gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file.
08-08-2017 - 01:32 04-09-2008 - 18:41
CVE-2019-12385 6.5
An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passw
30-08-2019 - 12:50 22-08-2019 - 19:15
CVE-2019-12386 3.5
An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a ne
28-08-2019 - 14:35 22-08-2019 - 19:15
CVE-2017-18375 6.5
Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php.
30-05-2019 - 00:28 24-05-2019 - 18:29
Back to Top Mark selected
Back to Top