Page 11 of 74 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0

Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 http://gallery.menalto.com/page/gallery_1_5_2_release http://secunia.com/advisories/18557 http://secunia.com/advisories/18627 http://secunia.com/advisories/21502 http://www.gentoo.org/security/en/glsa/glsa-200601-13.xml http://www.osvdb.org/22660 http://www.securityfocus.com/bid/16334 http://www.us.debian.org/security/2006/dsa-1148 http://www.vupen.com/english/advisories/2006/0282 https://exchange.xforc •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. • http://secunia.com/advisories/17747 http://www.osvdb.org/21221 http://www.securityfocus.com/archive/1/418200/100/0/threaded http://www.securityfocus.com/bid/15614 http://www.vupen.com/english/advisories/2005/2681 •

CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0

The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. • http://www.securityfocus.com/archive/1/418200/100/0/threaded http://www.securityfocus.com/bid/15614 http://www.vupen.com/english/advisories/2005/2681 •

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors. • http://secunia.com/advisories/17747 http://www.securityfocus.com/archive/1/418200/100/0/threaded http://www.securityfocus.com/bid/15614 http://www.vupen.com/english/advisories/2005/2681 •

CVSS: 6.4EPSS: 1%CPEs: 8EXPL: 1

Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter. • http://dipper.info/security/20051012 http://gallery.menalto.com/gallery_2.0.1_released http://secunia.com/advisories/17205 http://securityreason.com/securityalert/88 http://www.vuxml.org/freebsd/47bdabcf-3cf9-11da-baa2-0004614cc33d.html •