
CVSS: 9.8 | EPSS: 1% | CPEs: 1 | EXPL: 1

XSS and SQLi in Huge IT Gallery v1.1.5 for Joomla. The Joomla Huge IT Gallery component version 1.1.5 suffers from cross-site scripting and remote SQL injection vulnerabilities.
References:
• http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
• http://www.securityfocus.com/bid/92102
• http://www.vapidlabs.com/advisory.php?v=164
Weakness: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 7 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via (1) the movie title to modules/gallery/controllers/movies.php or (2) the key variable to modules/gallery/views/error_admin.html.php.
References:
• http://galleryproject.org/gallery_3_0_7
• http://osvdb.org/92691
• http://osvdb.org/92740
• http://sourceforge.net/apps/trac/gallery/ticket/2064
• http://www.openwall.com/lists/oss-security/2013/05/13/2
• http://www.openwall.com/lists/oss-security/2013/05/14/1
• http://www.securityfocus.com/bid/59469
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 14 | EXPL: 0

modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter.
References:
• http://galleryproject.org/gallery_3_0_9
• http://sourceforge.net/apps/trac/gallery/ticket/2074
• http://www.openwall.com/lists/oss-security/2013/07/04/11
• http://www.openwall.com/lists/oss-security/2013/07/05/3
• https://bugzilla.redhat.com/show_bug.cgi?id=981198
• https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed
Weakness: CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 | EPSS: 1% | CPEs: 9 | EXPL: 1

lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack; this is a different vulnerability than CVE-2013-2138.
References:
• http://galleryproject.org/gallery_3_0_9
• http://sourceforge.net/apps/trac/gallery/ticket/2073
• http://www.openwall.com/lists/oss-security/2013/07/04/11
• https://bugzilla.redhat.com/show_bug.cgi?id=981197
• https://github.com/gallery/gallery3/commit/c5318bb1a2dd266b50317a2adb74d74338593733

CVSS: 7.5 | EPSS: 1% | CPEs: 13 | EXPL: 0

The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.
References:
• http://galleryproject.org/gallery_3_0_8
• http://sourceforge.net/apps/trac/gallery/ticket/2068
• http://sourceforge.net/apps/trac/gallery/ticket/2070
• http://www.openwall.com/lists/oss-security/2013/06/04/9
• https://bugzilla.redhat.com/show_bug.cgi?id=970596
• https://github.com/gallery/gallery3/commit/3e5bba2cd4febe8331c0158c11ea418f21c72efa
• https://github.com/gallery/gallery3/commit/80bb0f2222dd99ed2ce59e804b833bab63cc376a
Weakness: CWE-20: Improper Input Validation