Page 3 of 43 results (0.003 seconds)

CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0

modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter. modules/gallery/helpers/data_rest.php en Gallery 3 anterior a la versión 3.0.9 permite a atacantes remotos evadir restricciones de acceso intencionadas y obtener información sensible (archivos de imagen) a través de una cadena "full" en el parámetro del tamaño. • http://galleryproject.org/gallery_3_0_9 http://sourceforge.net/apps/trac/gallery/ticket/2074 http://www.openwall.com/lists/oss-security/2013/07/04/11 http://www.openwall.com/lists/oss-security/2013/07/05/3 https://bugzilla.redhat.com/show_bug.cgi?id=981198 https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability Gallery Plugin versión 1.4 para WordPress, presenta una Vulnerabilidad de Inclusión de Archivo Remota. The WordPress Gallery Plugin plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 1.4 via the 'load' parameter. This allows unauthenticated attackers to include remote files on the server, resulting in code execution. • http://www.securityfocus.com/bid/57650 https://exchange.xforce.ibmcloud.com/vulnerabilities/81713 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors. Múltiples vulnerabilidades no especificadas en Gallery v3 anterior a v3.0.4 permite a atacantes ejecutar código PHP arbitrario a través de vectores desconocidos. • http://gallery.menalto.com/gallery_3_0_4 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082954.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082995.html •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en Gallery v3 anterior a v3.0.4 permite a atacantes remotos inyectar código web o HTML arbitrario a través de vectores no especificados. • http://gallery.menalto.com/gallery_3_0_4 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082954.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082995.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.0EPSS: 0%CPEs: 12EXPL: 0

Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. Vulnerabilidad de subida de archivos sin restricciones en modules/gallery/models/item.php en Menalto Gallery anterior a v3.0 y beta permite a usuarios autenticados de forma remota con permisos de subida ejecutar código de su elección subiendo un archivo con una extensión ejecutable, y después accediendo a él a través de una petición directa al archivo en un directorio no especificado. • http://gallery.menalto.com/gallery_3.0.1_released http://osvdb.org/70628 http://secunia.com/advisories/43028 http://www.securityfocus.com/bid/45964 https://exchange.xforce.ibmcloud.com/vulnerabilities/64870 •