CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2006-1996
https://notcve.org/view.php?id=CVE-2006-1996
Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message. • http://attrition.org/pipermail/vim/2006-April/000716.html http://secunia.com/advisories/19777 http://securityreason.com/securityalert/784 http://www.osvdb.org/24890 http://www.securityfocus.com/archive/1/431716/100/0/threaded http://www.securityfocus.com/bid/17668 http://www.vupen.com/english/advisories/2006/1490 https://exchange.xforce.ibmcloud.com/vulnerabilities/25990 •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2006-1696
https://notcve.org/view.php?id=CVE-2006-1696
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://secunia.com/advisories/19580 http://sourceforge.net/project/shownotes.php?release_id=408602&group_id=7130 http://www.osvdb.org/24466 http://www.securityfocus.com/bid/17437 http://www.vupen.com/english/advisories/2006/1285 https://exchange.xforce.ibmcloud.com/vulnerabilities/25707 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2006-1667 – Crafty Syntax Image Gallery 3.1g - Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-1667
SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php. • https://www.exploit-db.com/exploits/1645 http://bash-x.net/undef/adv/craftygallery.html http://bash-x.net/undef/exploits/crappy_syntax.txt http://secunia.com/advisories/19478 http://www.osvdb.org/24386 http://www.securityfocus.com/bid/17379 http://www.vupen.com/english/advisories/2006/1239 https://exchange.xforce.ibmcloud.com/vulnerabilities/25654 •
CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 5CVE-2006-1668 – Crafty Syntax Image Gallery 3.1g - Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-1668
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php. • https://www.exploit-db.com/exploits/1645 http://bash-x.net/undef/adv/craftygallery.html http://bash-x.net/undef/exploits/crappy_syntax.txt http://secunia.com/advisories/19478 http://www.osvdb.org/24387 http://www.securityfocus.com/bid/17379 http://www.vupen.com/english/advisories/2006/1239 https://exchange.xforce.ibmcloud.com/vulnerabilities/25655 •
CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 1CVE-2006-1412 – TFT Gallery 0.10 - Password Disclosure
https://notcve.org/view.php?id=CVE-2006-1412
TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd. • https://www.exploit-db.com/exploits/1611 http://secunia.com/advisories/19411 http://www.securityfocus.com/archive/1/453471/100/0/threaded http://www.securityfocus.com/archive/1/453485/100/0/threaded http://www.securityfocus.com/bid/17250 http://www.vupen.com/english/advisories/2006/1115 https://exchange.xforce.ibmcloud.com/vulnerabilities/25465 •