CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 1CVE-2013-2240
https://notcve.org/view.php?id=CVE-2013-2240
10 Oct 2013 — lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138. lib/flowplayer.swf.php en Gallery 3 anterior a la versión 3.0.9 no elimina adecuadamente fragmentos de consulta, lo que permite a atacantes remotos tener un impacto no especificado a través de un ataque de reproducción, una vulnerabilidad diferente a CVE-2013-2138. • http://galleryproject.org/gallery_3_0_9 •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2013-2138
https://notcve.org/view.php?id=CVE-2013-2138
10 Oct 2013 — The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack. Los archivos SWF (1) uploadify y (2) flowplayer en Gallery 3 anterior a 3.0.8 no eliminan apropiadamente los parámetros y fragmentos de consulta, lo que permite a atacantes remotos tener un impacto no especificado a través de un ataque replay. • http://galleryproject.org/gallery_3_0_8 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 1%CPEs: 90EXPL: 1CVE-2008-3555 – Wsn (Multiple Products) - Local File Inclusion / Code Execution
https://notcve.org/view.php?id=CVE-2008-3555
08 Aug 2008 — Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences. Una vulnerabilidad de salto de directorio en el archivo index.php en (1) WSN Forum versión 4.1.43 y... • https://www.exploit-db.com/exploits/6208 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •