Page 5 of 43 results (0.004 seconds)

CVSS: 6.8EPSS: 1%CPEs: 90EXPL: 1

Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences. Una vulnerabilidad de salto de directorio en el archivo index.php en (1) WSN Forum versión 4.1.43 y anteriores, (2) Gallery versión 4.1.30 y anteriores, (3) Knowledge Base (WSNKB) versión 4.1.36 y anteriores, (4) Links versión 4.1.44 y anteriores, y posiblemente (5) Classifieds anterior a versión 4.1.30, permite a los atacantes remotos incluir y ejecutar archivos locales arbitrarios por medio de un .. (punto punto) en el parámetro TID, como es demostrado mediante la carga de un archivo .jpg que contiene secuencias de PHP. • https://www.exploit-db.com/exploits/6208 http://secunia.com/advisories/31392 http://securityreason.com/securityalert/4120 https://exchange.xforce.ibmcloud.com/vulnerabilities/44236 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Menalto Gallery anterior a 2.2.5 permite a atacantes remotos inyectar scripts web o HTML mediante los componentes (1) host y (2) path de un URL. • http://gallery.menalto.com/gallery_2.2.5_released http://secunia.com/advisories/30650 http://secunia.com/advisories/30826 http://www.securityfocus.com/bid/29681 https://exchange.xforce.ibmcloud.com/vulnerabilities/43024 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album. Vulnerabilidad sin expecificar en el módulo de album-select en Menalto Gallery anteriores a 2.2.5, permite a atacantes remotos conseguir títulos de los álbunes ocultos cuando intenta añadir un nuevo album a uno oculto. • http://gallery.menalto.com/gallery_2.2.5_released http://secunia.com/advisories/30650 http://secunia.com/advisories/30826 http://www.securityfocus.com/bid/29681 https://exchange.xforce.ibmcloud.com/vulnerabilities/43025 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0

Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive. Menalto Gallery anterior a 2.2.5, permite a atacantes remotos evitar permisos para sub-albums a través de un archivo ZIP. • http://gallery.menalto.com/gallery_2.2.5_released http://secunia.com/advisories/30650 http://secunia.com/advisories/30826 http://www.securityfocus.com/bid/29681 https://exchange.xforce.ibmcloud.com/vulnerabilities/43027 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address." embed.php de Menalto Gallery versiones anteriores a 2.2.5 permite a atacantes remotos obtener la ruta completa a través de vectores no conocidos relacionados a "suplantación de dirección remota". • http://gallery.menalto.com/gallery_2.2.5_released http://secunia.com/advisories/30650 http://secunia.com/advisories/30826 http://www.securityfocus.com/bid/29681 https://exchange.xforce.ibmcloud.com/vulnerabilities/43028 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •