Page 41 of 218 results (0.011 seconds)

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries. • http://gallery.menalto.com/index.php?name=PNphpBB2&file=viewtopic&t=7048 http://secunia.com/advisories/16389 http://secunia.com/advisories/17367 http://www.debian.org/security/2005/dsa-879 http://www.securityfocus.com/bid/14547 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 3

index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to obtain the web server path via certain currDir and image arguments, which leaks the path in an error message. • http://secunia.com/advisories/16405 http://secwatch.org/advisories/secwatch/20050813_Mig.txt http://sourceforge.net/project/shownotes.php?release_id=349348 http://www.osvdb.org/18742 http://www.securityfocus.com/bid/14570 http://www.vupen.com/english/advisories/2005/1432 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message. • http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147 http://marc.info/?l=bugtraq&m=110608459222364&w=2 http://theinsider.deep-ice.com/texts/advisory69.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/18940 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php. • http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147 http://marc.info/?l=bugtraq&m=110608459222364&w=2 http://theinsider.deep-ice.com/texts/advisory69.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/18938 https://exchange.xforce.ibmcloud.com/vulnerabilities/43473 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field. • http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147 http://marc.info/?l=bugtraq&m=110608459222364&w=2 http://secunia.com/advisories/13887 http://theinsider.deep-ice.com/texts/advisory69.txt http://www.gentoo.org/security/en/glsa/glsa-200501-45.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/18938 •