CVE-2006-4030
https://notcve.org/view.php?id=CVE-2006-4030
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 http://secunia.com/advisories/16594 http://secunia.com/advisories/21502 http://www.debian.org/security/2006/dsa-1148 http://www.securityfocus.com/bid/19453 http://www.vupen.com/english/advisories/2006/3250 •
CVE-2006-3563 – Winged Gallery 1.0 - 'Thumb.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-3563
Cross-site scripting (XSS) vulnerability in gallery/thumb.php in Winged Gallery 1.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter. • https://www.exploit-db.com/exploits/28102 http://securityreason.com/securityalert/1219 http://www.securityfocus.com/archive/1/438435/100/200/threaded http://www.securityfocus.com/bid/18629 https://exchange.xforce.ibmcloud.com/vulnerabilities/27378 •
CVE-2006-2001 – Scry Gallery 1.1 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-2001
Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector. • https://www.exploit-db.com/exploits/27729 http://attrition.org/pipermail/vim/2006-April/000716.html http://secunia.com/advisories/19777 http://securityreason.com/securityalert/783 http://www.osvdb.org/24891 http://www.securityfocus.com/archive/1/431853/100/0/threaded http://www.securityfocus.com/bid/17668 http://www.vupen.com/english/advisories/2006/1490 https://exchange.xforce.ibmcloud.com/vulnerabilities/26101 •
CVE-2006-1995 – Scry Gallery - Directory Traversal
https://notcve.org/view.php?id=CVE-2006-1995
Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order. • https://www.exploit-db.com/exploits/27724 http://attrition.org/pipermail/vim/2006-April/000716.html http://downloads.securityfocus.com/vulnerabilities/exploits/17649-directory-traversal.exploit http://secunia.com/advisories/19777 http://securityreason.com/securityalert/784 http://www.osvdb.org/24889 http://www.securityfocus.com/archive/1/431716/100/0/threaded http://www.securityfocus.com/bid/17649 http://www.securityfocus.com/bid/17668 http://www.vupen.com/english/advisories/2006/1490 •
CVE-2006-1996
https://notcve.org/view.php?id=CVE-2006-1996
Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message. • http://attrition.org/pipermail/vim/2006-April/000716.html http://secunia.com/advisories/19777 http://securityreason.com/securityalert/784 http://www.osvdb.org/24890 http://www.securityfocus.com/archive/1/431716/100/0/threaded http://www.securityfocus.com/bid/17668 http://www.vupen.com/english/advisories/2006/1490 https://exchange.xforce.ibmcloud.com/vulnerabilities/25990 •