Page 2 of 23 results (0.003 seconds)

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113. Gallery v2 antes de v2.3.2 y v3 antes de v3.0.3, no implementa el cifrado de forma adecuada, lo que provoca un impacto y vectores de ataque no especificados. Una vulnerabilidad diferente de CVE-2012-1113. • http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2 https://bugzilla.redhat.com/show_bug.cgi?id=812045 https://exchange.xforce.ibmcloud.com/vulnerabilities/75201 • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Gallery v2 antes de v2.3.2 y v3 antes de v3.0.3, permite a atacantes remotos inyectar secuencias de comandos web o código HTML de su elección a través de vectores no especificados. • http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078618.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078752.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078816.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078851.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078873.html http://lists.fedoraproject.org/pipermail/package • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.0EPSS: 0%CPEs: 12EXPL: 0

Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. Vulnerabilidad de subida de archivos sin restricciones en modules/gallery/models/item.php en Menalto Gallery anterior a v3.0 y beta permite a usuarios autenticados de forma remota con permisos de subida ejecutar código de su elección subiendo un archivo con una extensión ejecutable, y después accediendo a él a través de una petición directa al archivo en un directorio no especificado. • http://gallery.menalto.com/gallery_3.0.1_released http://osvdb.org/70628 http://secunia.com/advisories/43028 http://www.securityfocus.com/bid/45964 https://exchange.xforce.ibmcloud.com/vulnerabilities/64870 •

CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 1

Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action. Vulnerabilidad de salto de directorio en contrib/phpBB2/modules.php de Gallery 1.5.7 y 1.6-alpha3, cuando register_globals está activo, permite a atacantes remotos incluir y ejecutar ficheros locales a través de .. (punto punto) en el parámetro phpEx dentro de una acción modload. • http://gallery.menalto.com/gallery_1.5.8_released http://secunia.com/advisories/32662 http://security.gentoo.org/glsa/glsa-200811-02.xml http://securityreason.com/securityalert/4142 http://www.securityfocus.com/archive/1/495284/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/44373 https://www.exploit-db.com/exploits/6222 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Menalto Gallery anterior a 2.2.5 permite a atacantes remotos inyectar scripts web o HTML mediante los componentes (1) host y (2) path de un URL. • http://gallery.menalto.com/gallery_2.2.5_released http://secunia.com/advisories/30650 http://secunia.com/advisories/30826 http://www.securityfocus.com/bid/29681 https://exchange.xforce.ibmcloud.com/vulnerabilities/43024 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •