CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2013-2138
https://notcve.org/view.php?id=CVE-2013-2138
The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack. Los archivos SWF (1) uploadify y (2) flowplayer en Gallery 3 anterior a 3.0.8 no eliminan apropiadamente los parámetros y fragmentos de consulta, lo que permite a atacantes remotos tener un impacto no especificado a través de un ataque replay. • http://galleryproject.org/gallery_3_0_8 http://sourceforge.net/apps/trac/gallery/ticket/2068 http://sourceforge.net/apps/trac/gallery/ticket/2070 http://www.openwall.com/lists/oss-security/2013/06/04/9 https://bugzilla.redhat.com/show_bug.cgi?id=970596 https://github.com/gallery/gallery3/commit/3e5bba2cd4febe8331c0158c11ea418f21c72efa https://github.com/gallery/gallery3/commit/80bb0f2222dd99ed2ce59e804b833bab63cc376a • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 59EXPL: 6CVE-2012-1613 – coppermine 1.5.18 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-1613
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en edit_one_pic.php en Coppermine Photo Gallery antes de v1.5.20, permite a usuarios autenticados remotamente con ciertos privilegios, inyectar secuencias de comandos web o HTML a través del parámetro keywords. • https://www.exploit-db.com/exploits/18680 http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354 http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html http://osvdb.org/80731 http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html http://secunia.com/advisories/48643 http://www.exploit-db.com/exploits/18680 http& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 61EXPL: 10CVE-2012-1614 – coppermine 1.5.18 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-1614
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message. Coppermine Photo Gallery anterior a v1.5.20 permite a atacantes remotos obtener información sensible a través de (1) una solicitud directa plugins/visiblehookpoints/index.php, una página no válida (2) o (3) los parámetros gato thumbnails.php, un inválido (4) la página de parámetros para usermgr.php, o un inválido (5) newer_than o (6) parámetro older_than a search.inc.php, lo que revela la ruta de instalación en un mensaje de error. • https://www.exploit-db.com/exploits/18680 http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354 http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html http://osvdb.org/80732 http://osvdb.org/80733 http://osvdb.org/80734 http://osvdb.org/80735 http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html http • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2012-4342
https://notcve.org/view.php?id=CVE-2012-4342
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en Gallery v3 anterior a v3.0.4 permite a atacantes remotos inyectar código web o HTML arbitrario a través de vectores no especificados. • http://gallery.menalto.com/gallery_3_0_4 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082954.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082995.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2012-4343
https://notcve.org/view.php?id=CVE-2012-4343
Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors. Múltiples vulnerabilidades no especificadas en Gallery v3 anterior a v3.0.4 permite a atacantes ejecutar código PHP arbitrario a través de vectores desconocidos. • http://gallery.menalto.com/gallery_3_0_4 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082954.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082995.html •