CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6692
https://notcve.org/view.php?id=CVE-2007-6692
17 Jan 2008 — Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules. Vulnerabilidad de redirección libre en Menalto Gallery, en versiones anteriores a la 2.2.4, permite que atacantes remotos redirijan a los usuarios a sitios web arbitrarios y lleven a cabo ataques de phising, a través de una URL en los módulos (1) Core y (2) print • http://bugs.gentoo.org/show_bug.cgi?id=203217 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4650
https://notcve.org/view.php?id=CVE-2007-4650
04 Sep 2007 — Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules. Múltiples vulnerabilidades no especificadas en Gallery anterior a 2.2.3 permite a atacantes (1) renombrar artículos, (2) leer y modificar propiedades de artículos, o (3) ver y reemplazar artículos mediante ve... • http://bugs.gentoo.org/show_bug.cgi?id=191587 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 1CVE-2007-2715 – Snaps! Gallery 1.4.4 - Remote User Pass Change
https://notcve.org/view.php?id=CVE-2007-2715
16 May 2007 — Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action. Admin/users.php en el Snaps! Gallery 1.4.4 permite a atacantes remotos cambiar nombres de usuario y contraseñas de su elección a través de los parámetros (1) username o (2) password y password2 en una acción de edición. • https://www.exploit-db.com/exploits/3900 •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2006-4030
https://notcve.org/view.php?id=CVE-2006-4030
16 Aug 2006 — Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." Vulnerabilidad no especificada en el módulo de estadísticas en Gallery 1.5.1-RC2 y anteriores permite a atacantes remotos obtener información sensible a través de vectores de ataque desconocidos, relacionados con "dos bugs de exposición de archivos". • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2006-1696
https://notcve.org/view.php?id=CVE-2006-1696
11 Apr 2006 — Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://secunia.com/advisories/19580 •
CVSS: 8.0EPSS: 2%CPEs: 16EXPL: 0CVE-2006-0587
https://notcve.org/view.php?id=CVE-2006-0587
08 Feb 2006 — Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file. Vulnerabilidad no especificada en util.php de Gallery anteriores a 1.5.2-pl12 permite a usuarios remotos autenticados engañar a un propietario para modificar datos de álbumes almacenados y posiblemente ejecutar código de su elección mediante vectores no... • http://archives.neohapsis.com/archives/bugtraq/2006-02/0224.html •
CVSS: 6.1EPSS: 1%CPEs: 16EXPL: 0CVE-2006-0330
https://notcve.org/view.php?id=CVE-2006-0330
21 Jan 2006 — Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2005-2734
https://notcve.org/view.php?id=CVE-2005-2734
29 Aug 2005 — Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0220
https://notcve.org/view.php?id=CVE-2005-0220
06 Feb 2005 — Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field. • http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html •
CVSS: 9.8EPSS: 10%CPEs: 1EXPL: 3CVE-2004-1466 – Gallery 1.4.4 - Remote Server-Side Script Execution
https://notcve.org/view.php?id=CVE-2004-1466
31 Dec 2004 — The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directory is under the web root. • https://www.exploit-db.com/exploits/24383 •