CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25379
https://notcve.org/view.php?id=CVE-2021-25379
09 Apr 2021 — Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action. Una vulnerabilidad de Intent redirection en Gallery anterior a versión 5.4.16.1, permite a un atacante ejecutar una acción con privilegios • https://security.samsungmobile.com • CWE-926: Improper Export of Android Application Components •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0CVE-2017-2171
https://notcve.org/view.php?id=CVE-2017-2171
22 May 2017 — Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Post... • http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1000114
https://notcve.org/view.php?id=CVE-2016-1000114
06 Oct 2016 — XSS in huge IT gallery v1.1.5 for Joomla XSS en galería huge IT v1.1.5 para Joomla • http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2016-1000113 – Joomla Huge IT Gallery 1.1.5 Cross Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2016-1000113
24 Jul 2016 — XSS and SQLi in huge IT gallery v1.1.5 for Joomla XSS y SQLi en galería huge IT v1.1.5 para Joomla. Joomla Huge IT Gallery component version 1.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/138027 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2013-2138
https://notcve.org/view.php?id=CVE-2013-2138
10 Oct 2013 — The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack. Los archivos SWF (1) uploadify y (2) flowplayer en Gallery 3 anterior a 3.0.8 no eliminan apropiadamente los parámetros y fragmentos de consulta, lo que permite a atacantes remotos tener un impacto no especificado a través de un ataque replay. • http://galleryproject.org/gallery_3_0_8 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2013-2241
https://notcve.org/view.php?id=CVE-2013-2241
10 Oct 2013 — modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter. modules/gallery/helpers/data_rest.php en Gallery 3 anterior a la versión 3.0.9 permite a atacantes remotos evadir restricciones de acceso intencionadas y obtener información sensible (archivos de imagen) a través de una cadena "full" en el parámetro del tamaño. • http://galleryproject.org/gallery_3_0_9 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2012-4342
https://notcve.org/view.php?id=CVE-2012-4342
15 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en Gallery v3 anterior a v3.0.4 permite a atacantes remotos inyectar código web o HTML arbitrario a través de vectores no especificados. • http://gallery.menalto.com/gallery_3_0_4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2012-4343
https://notcve.org/view.php?id=CVE-2012-4343
15 Aug 2012 — Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors. Múltiples vulnerabilidades no especificadas en Gallery v3 anterior a v3.0.4 permite a atacantes ejecutar código PHP arbitrario a través de vectores desconocidos. • http://gallery.menalto.com/gallery_3_0_4 •
CVSS: 8.8EPSS: 1%CPEs: 12EXPL: 0CVE-2010-4353
https://notcve.org/view.php?id=CVE-2010-4353
25 Jan 2011 — Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. Vulnerabilidad de subida de archivos sin restricciones en modules/gallery/models/item.php en Menalto Gallery anterior a v3.0 y beta permite a usuarios autenticados de forma remota con p... • http://gallery.menalto.com/gallery_3.0.1_released •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2008-5296
https://notcve.org/view.php?id=CVE-2008-5296
01 Dec 2008 — Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information. Gallery 1.5.x antes de la versión 1.5.10 y 1.6 antes de 1.6 RC3, permite a atacantes remotos eludir el proceso de autenticación y obtener permisos de administración, cuando register_globals esté activado, a través de "cookies" no especificadas. NOTA: Alguno... • http://gallery.menalto.com/last_official_G1_releases • CWE-287: Improper Authentication •