
CVE-2007-6689
https://notcve.org/view.php?id=CVE-2007-6689
17 Jan 2008 — Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module. • http://bugs.gentoo.org/show_bug.cgi?id=203217 • CWE-20: Improper Input Validation

CVE-2007-6690
https://notcve.org/view.php?id=CVE-2007-6690
17 Jan 2008 — The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors. • http://bugs.gentoo.org/show_bug.cgi?id=203217 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2007-6691
https://notcve.org/view.php?id=CVE-2007-6691
17 Jan 2008 — Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules. • http://bugs.gentoo.org/show_bug.cgi?id=203217

CVE-2007-6692
https://notcve.org/view.php?id=CVE-2007-6692
17 Jan 2008 — Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules. • http://bugs.gentoo.org/show_bug.cgi?id=203217 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2007-4650
https://notcve.org/view.php?id=CVE-2007-4650
04 Sep 2007 — Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules. • http://bugs.gentoo.org/show_bug.cgi?id=191587 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2006-4030
https://notcve.org/view.php?id=CVE-2006-4030
16 Aug 2006 — Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285

CVE-2004-2124 – Gallery 1.3.x/1.4 - Remote Global Variable Injection
https://notcve.org/view.php?id=CVE-2004-2124
31 Dec 2004 — The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. • https://www.exploit-db.com/exploits/23599

CVE-2003-0614 – Gallery 1.2/1.3.x - Search Engine Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0614
01 Aug 2003 — Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter. • https://www.exploit-db.com/exploits/22961

CVE-2002-2123
https://notcve.org/view.php?id=CVE-2002-2123
31 Dec 2002 — PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter. • http://www.securityfocus.com/archive/1/304611

CVE-2002-2130
https://notcve.org/view.php?id=CVE-2002-2130
31 Dec 2002 — publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code. • http://archives.neohapsis.com/archives/bugtraq/2002-12/0260.html