Page 3 of 16 results (0.007 seconds)

CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0

CVE-2013-2241

https://notcve.org/view.php?id=CVE-2013-2241

modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter. modules/gallery/helpers/data_rest.php en Gallery 3 anterior a la versión 3.0.9 permite a atacantes remotos evadir restricciones de acceso intencionadas y obtener información sensible (archivos de imagen) a través de una cadena "full" en el parámetro del tamaño. • http://galleryproject.org/gallery_3_0_9 http://sourceforge.net/apps/trac/gallery/ticket/2074 http://www.openwall.com/lists/oss-security/2013/07/04/11 http://www.openwall.com/lists/oss-security/2013/07/05/3 https://bugzilla.redhat.com/show_bug.cgi?id=981198 https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2012-4343

https://notcve.org/view.php?id=CVE-2012-4343

Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors. Múltiples vulnerabilidades no especificadas en Gallery v3 anterior a v3.0.4 permite a atacantes ejecutar código PHP arbitrario a través de vectores desconocidos. • http://gallery.menalto.com/gallery_3_0_4 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082954.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082995.html •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

CVE-2012-4342

https://notcve.org/view.php?id=CVE-2012-4342

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en Gallery v3 anterior a v3.0.4 permite a atacantes remotos inyectar código web o HTML arbitrario a través de vectores no especificados. • http://gallery.menalto.com/gallery_3_0_4 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082954.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082995.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

CVE-2012-2405

https://notcve.org/view.php?id=CVE-2012-2405

Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113. Gallery v2 antes de v2.3.2 y v3 antes de v3.0.3, no implementa el cifrado de forma adecuada, lo que provoca un impacto y vectores de ataque no especificados. Una vulnerabilidad diferente de CVE-2012-1113. • http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2 https://bugzilla.redhat.com/show_bug.cgi?id=812045 https://exchange.xforce.ibmcloud.com/vulnerabilities/75201 • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2012-1113

https://notcve.org/view.php?id=CVE-2012-1113

Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Gallery v2 antes de v2.3.2 y v3 antes de v3.0.3, permite a atacantes remotos inyectar secuencias de comandos web o código HTML de su elección a través de vectores no especificados. • http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078618.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078752.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078816.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078851.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078873.html http://lists.fedoraproject.org/pipermail/package • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •