CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 1CVE-2013-2240
https://notcve.org/view.php?id=CVE-2013-2240
10 Oct 2013 — lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138. lib/flowplayer.swf.php en Gallery 3 anterior a la versión 3.0.9 no elimina adecuadamente fragmentos de consulta, lo que permite a atacantes remotos tener un impacto no especificado a través de un ataque de reproducción, una vulnerabilidad diferente a CVE-2013-2138. • http://galleryproject.org/gallery_3_0_9 •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2013-2138
https://notcve.org/view.php?id=CVE-2013-2138
10 Oct 2013 — The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack. Los archivos SWF (1) uploadify y (2) flowplayer en Gallery 3 anterior a 3.0.8 no eliminan apropiadamente los parámetros y fragmentos de consulta, lo que permite a atacantes remotos tener un impacto no especificado a través de un ataque replay. • http://galleryproject.org/gallery_3_0_8 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2012-4342
https://notcve.org/view.php?id=CVE-2012-4342
15 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en Gallery v3 anterior a v3.0.4 permite a atacantes remotos inyectar código web o HTML arbitrario a través de vectores no especificados. • http://gallery.menalto.com/gallery_3_0_4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2012-4343
https://notcve.org/view.php?id=CVE-2012-4343
15 Aug 2012 — Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors. Múltiples vulnerabilidades no especificadas en Gallery v3 anterior a v3.0.4 permite a atacantes ejecutar código PHP arbitrario a través de vectores desconocidos. • http://gallery.menalto.com/gallery_3_0_4 •
CVSS: 9.1EPSS: 1%CPEs: 90EXPL: 1CVE-2008-3555 – Wsn (Multiple Products) - Local File Inclusion / Code Execution
https://notcve.org/view.php?id=CVE-2008-3555
08 Aug 2008 — Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences. Una vulnerabilidad de salto de directorio en el archivo index.php en (1) WSN Forum versión 4.1.43 y... • https://www.exploit-db.com/exploits/6208 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •