CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1000114
https://notcve.org/view.php?id=CVE-2016-1000114
XSS in huge IT gallery v1.1.5 for Joomla XSS en galería huge IT v1.1.5 para Joomla • http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro http://www.securityfocus.com/bid/92102 http://www.vapidlabs.com/advisory.php?v=164 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2016-1000113 – Joomla Huge IT Gallery 1.1.5 Cross Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2016-1000113
XSS and SQLi in huge IT gallery v1.1.5 for Joomla XSS y SQLi en galería huge IT v1.1.5 para Joomla. Joomla Huge IT Gallery component version 1.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities. • http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro http://www.securityfocus.com/bid/92102 http://www.vapidlabs.com/advisory.php?v=164 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0CVE-2013-2241
https://notcve.org/view.php?id=CVE-2013-2241
modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter. modules/gallery/helpers/data_rest.php en Gallery 3 anterior a la versión 3.0.9 permite a atacantes remotos evadir restricciones de acceso intencionadas y obtener información sensible (archivos de imagen) a través de una cadena "full" en el parámetro del tamaño. • http://galleryproject.org/gallery_3_0_9 http://sourceforge.net/apps/trac/gallery/ticket/2074 http://www.openwall.com/lists/oss-security/2013/07/04/11 http://www.openwall.com/lists/oss-security/2013/07/05/3 https://bugzilla.redhat.com/show_bug.cgi?id=981198 https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2013-2138
https://notcve.org/view.php?id=CVE-2013-2138
The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack. Los archivos SWF (1) uploadify y (2) flowplayer en Gallery 3 anterior a 3.0.8 no eliminan apropiadamente los parámetros y fragmentos de consulta, lo que permite a atacantes remotos tener un impacto no especificado a través de un ataque replay. • http://galleryproject.org/gallery_3_0_8 http://sourceforge.net/apps/trac/gallery/ticket/2068 http://sourceforge.net/apps/trac/gallery/ticket/2070 http://www.openwall.com/lists/oss-security/2013/06/04/9 https://bugzilla.redhat.com/show_bug.cgi?id=970596 https://github.com/gallery/gallery3/commit/3e5bba2cd4febe8331c0158c11ea418f21c72efa https://github.com/gallery/gallery3/commit/80bb0f2222dd99ed2ce59e804b833bab63cc376a • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2012-4342
https://notcve.org/view.php?id=CVE-2012-4342
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en Gallery v3 anterior a v3.0.4 permite a atacantes remotos inyectar código web o HTML arbitrario a través de vectores no especificados. • http://gallery.menalto.com/gallery_3_0_4 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082954.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082995.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •