Page 11 of 68 results (0.012 seconds)

CVSS: 6.4EPSS: 1%CPEs: 8EXPL: 1

Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter. • http://dipper.info/security/20051012 http://gallery.menalto.com/gallery_2.0.1_released http://secunia.com/advisories/17205 http://securityreason.com/securityalert/88 http://www.vuxml.org/freebsd/47bdabcf-3cf9-11da-baa2-0004614cc33d.html •

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0

Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 http://marc.info/?l=bugtraq&m=112511025414488&w=2 http://secunia.com/advisories/16594 http://secunia.com/advisories/21502 http://securitytracker.com/id?1014800 http://sourceforge.net/project/shownotes.php?release_id=352576 http://www.securityfocus.com/bid/14668 http://www.us.debian.org/security/2006/dsa-1148 https://exchange.xforce.ibmcloud.com/vulnerabilities/22020 •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries. • http://gallery.menalto.com/index.php?name=PNphpBB2&file=viewtopic&t=7048 http://secunia.com/advisories/16389 http://secunia.com/advisories/17367 http://www.debian.org/security/2005/dsa-879 http://www.securityfocus.com/bid/14547 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions. • http://marc.info/?l=bugtraq&m=111834146710329&w=2 http://www.gulftech.org/?node=research&article_id=00079-06092005 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php. • http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147 http://marc.info/?l=bugtraq&m=110608459222364&w=2 http://theinsider.deep-ice.com/texts/advisory69.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/18938 https://exchange.xforce.ibmcloud.com/vulnerabilities/43473 •