
CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php. NOTE: this can be leveraged with CVE-2006-1412 to create a remote unauthenticated vector.

• http://securityreason.com/securityalert/1983
• http://www.securityfocus.com/archive/1/453471/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30731

CVSS: 5.0 | EPSS: 0% | CPEs: 15 | EXPL: 0

Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs."

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285
• http://secunia.com/advisories/16594
• http://secunia.com/advisories/21502
• http://www.debian.org/security/2006/dsa-1148
• http://www.securityfocus.com/bid/19453
• http://www.vupen.com/english/advisories/2006/3250

CVSS: 2.6 | EPSS: 0% | CPEs: 1 | EXPL: 2

Cross-site scripting (XSS) vulnerability in gallery/thumb.php in Winged Gallery 1.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter.

• https://www.exploit-db.com/exploits/28102
• http://securityreason.com/securityalert/1219
• http://www.securityfocus.com/archive/1/438435/100/200/threaded
• http://www.securityfocus.com/bid/18629
• https://exchange.xforce.ibmcloud.com/vulnerabilities/27378

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector.

• https://www.exploit-db.com/exploits/27729
• http://attrition.org/pipermail/vim/2006-April/000716.html
• http://secunia.com/advisories/19777
• http://securityreason.com/securityalert/783
• http://www.osvdb.org/24891
• http://www.securityfocus.com/archive/1/431853/100/0/threaded
• http://www.securityfocus.com/bid/17668
• http://www.vupen.com/english/advisories/2006/1490
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26101

CVSS: 5.0 | EPSS: 2% | CPEs: 1 | EXPL: 3

Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order.

• https://www.exploit-db.com/exploits/27724
• http://attrition.org/pipermail/vim/2006-April/000716.html
• http://downloads.securityfocus.com/vulnerabilities/exploits/17649-directory-traversal.exploit
• http://secunia.com/advisories/19777
• http://securityreason.com/securityalert/784
• http://www.osvdb.org/24889
• http://www.securityfocus.com/archive/1/431716/100/0/threaded
• http://www.securityfocus.com/bid/17649
• http://www.securityfocus.com/bid/17668
• http://www.vupen.com/english/advisories/2006/1490