Page 7 of 52 results (0.017 seconds)

CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0

Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive. Menalto Gallery anterior a 2.2.5, permite a atacantes remotos evitar permisos para sub-albums a través de un archivo ZIP. • http://gallery.menalto.com/gallery_2.2.5_released http://secunia.com/advisories/30650 http://secunia.com/advisories/30826 http://www.securityfocus.com/bid/29681 https://exchange.xforce.ibmcloud.com/vulnerabilities/43027 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address." embed.php de Menalto Gallery versiones anteriores a 2.2.5 permite a atacantes remotos obtener la ruta completa a través de vectores no conocidos relacionados a "suplantación de dirección remota". • http://gallery.menalto.com/gallery_2.2.5_released http://secunia.com/advisories/30650 http://secunia.com/advisories/30826 http://www.securityfocus.com/bid/29681 https://exchange.xforce.ibmcloud.com/vulnerabilities/43028 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 28EXPL: 1

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php. Múltiples vulnerabilidades de inyección SQL en Coppermine Photo Gallery (CPG) en versiones anteriores a la 1.4.15 permiten que administradores remotos autenticados ejecuten comandos SQL arbitrarios mediante los parámetros (1) albumid, (2) startpic y (3) numpics en util.php; y el parámetro (4) cid_array en reviewcom.php. • https://www.exploit-db.com/exploits/4950 http://coppermine-gallery.net/forum/index.php?topic=50103.0 http://secunia.com/advisories/28682 http://www.securityfocus.com/archive/1/487351/100/200/threaded http://www.securityfocus.com/bid/27509 http://www.securitytracker.com/id?1019285 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-66.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder." Vulnerabilidad no especificada en la aplicación de instalacón en Menalto Gallery, en versiones anteriores a la 2.2.4. Tiene un impacto desconocido y vectores de ataque relacionados con "Proteccion de la accesibilidad web del directorio de almacenamiento" • http://bugs.gentoo.org/show_bug.cgi?id=203217 http://gallery.menalto.com/gallery_2.2.4_released http://osvdb.org/41670 http://secunia.com/advisories/28898 http://security.gentoo.org/glsa/glsa-200802-04.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/39987 •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module. Menalto Gallery anterior a 2.2.4 no comprueba extensiones de fichero maliciosas durante la subida de ficheros, lo cual permite a atacantes remotos ejecutar código de su elección mediante los módulos (1) Core o (2) MIME. • http://bugs.gentoo.org/show_bug.cgi?id=203217 http://gallery.menalto.com/gallery_2.2.4_released http://osvdb.org/41669 http://secunia.com/advisories/28898 http://security.gentoo.org/glsa/glsa-200802-04.xml • CWE-20: Improper Input Validation •