CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2007-6688
https://notcve.org/view.php?id=CVE-2007-6688
17 Jan 2008 — Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder." Vulnerabilidad no especificada en la aplicación de instalacón en Menalto Gallery, en versiones anteriores a la 2.2.4. Tiene un impacto desconocido y vectores de ataque relacionados con "Proteccion de la accesibilidad web del directorio de almacenamiento" • http://bugs.gentoo.org/show_bug.cgi?id=203217 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6690
https://notcve.org/view.php?id=CVE-2007-6690
17 Jan 2008 — The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors. El módulo Gallery Remote para Menalto Gallery anterior a 2.2.4 no comprueba los permisos para comandos GR no especificados, lo cual tiene impacto y vectores de ataque desconocidos. • http://bugs.gentoo.org/show_bug.cgi?id=203217 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4650
https://notcve.org/view.php?id=CVE-2007-4650
04 Sep 2007 — Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules. Múltiples vulnerabilidades no especificadas en Gallery anterior a 2.2.3 permite a atacantes (1) renombrar artículos, (2) leer y modificar propiedades de artículos, o (3) ver y reemplazar artículos mediante ve... • http://bugs.gentoo.org/show_bug.cgi?id=191587 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2007-2076
https://notcve.org/view.php?id=CVE-2007-2076
18 Apr 2007 — PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this problem existed only briefly in v1.0." Vulnerabilidad de inclusión remota de archivo en PHP en index.php de Maian Gallery 1.0 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro path_to_folder. N... • http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2006-4030
https://notcve.org/view.php?id=CVE-2006-4030
16 Aug 2006 — Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." Vulnerabilidad no especificada en el módulo de estadísticas en Gallery 1.5.1-RC2 y anteriores permite a atacantes remotos obtener información sensible a través de vectores de ataque desconocidos, relacionados con "dos bugs de exposición de archivos". • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2006-1696
https://notcve.org/view.php?id=CVE-2006-1696
11 Apr 2006 — Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://secunia.com/advisories/19580 •
CVSS: 9.1EPSS: 8%CPEs: 14EXPL: 1CVE-2006-1219 – Gallery 2.0.3 - 'stepOrder[]' Remote Command Execution
https://notcve.org/view.php?id=CVE-2006-1219
14 Mar 2006 — Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php. • https://www.exploit-db.com/exploits/1566 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2006-1126
https://notcve.org/view.php?id=CVE-2006-1126
09 Mar 2006 — Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR. • http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html •
CVSS: 9.1EPSS: 10%CPEs: 11EXPL: 1CVE-2006-1128 – Gallery 2 < 2.0.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-1128
09 Mar 2006 — Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized. • https://www.exploit-db.com/exploits/43837 •
CVSS: 6.1EPSS: 5%CPEs: 11EXPL: 1CVE-2006-1127 – Gallery 2 < 2.0.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-1127
09 Mar 2006 — Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album. • https://www.exploit-db.com/exploits/43837 •