Page 7 of 74 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Menalto Gallery anterior a 2.2.5 permite a atacantes remotos inyectar scripts web o HTML mediante los componentes (1) host y (2) path de un URL. • http://gallery.menalto.com/gallery_2.2.5_released http://secunia.com/advisories/30650 http://secunia.com/advisories/30826 http://www.securityfocus.com/bid/29681 https://exchange.xforce.ibmcloud.com/vulnerabilities/43024 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album. Vulnerabilidad sin expecificar en el módulo de album-select en Menalto Gallery anteriores a 2.2.5, permite a atacantes remotos conseguir títulos de los álbunes ocultos cuando intenta añadir un nuevo album a uno oculto. • http://gallery.menalto.com/gallery_2.2.5_released http://secunia.com/advisories/30650 http://secunia.com/advisories/30826 http://www.securityfocus.com/bid/29681 https://exchange.xforce.ibmcloud.com/vulnerabilities/43025 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions. Menalto Gallery anterior a 2.2.5 no hace cumplir los permisos para los elementos non-album que han sido protegidos con contraseña; esto puede permitir a atacantes remotos evitar las restricciones de acceso pretendidas. • http://gallery.menalto.com/gallery_2.2.5_released http://secunia.com/advisories/30650 http://secunia.com/advisories/30826 http://www.securityfocus.com/bid/29681 https://exchange.xforce.ibmcloud.com/vulnerabilities/43031 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in index.php in Photokorn Gallery 1.543 allows remote attackers to execute arbitrary SQL commands via the pic parameter in a showpic action. Vulnerabilidad de inyección SQL en index.php en Photokorn Gallery 1.543. Permite a atacantes remotos ejecutar comandos SQL de su elección a tavés del parámetro pic en una acción showpic. • https://www.exploit-db.com/exploits/5065 http://www.securityfocus.com/bid/27627 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller. El módulo URL rewrite para Menalto Gallery anterior a 2.2.4 permite a atacantes remotos incluir y ejecutar ficheros locales de su elección mediante vectores desconocidos relacionados con el controlador de la administración. • http://bugs.gentoo.org/show_bug.cgi?id=203217 http://gallery.menalto.com/gallery_2.2.4_released http://osvdb.org/41674 http://secunia.com/advisories/28898 http://security.gentoo.org/glsa/glsa-200802-04.xml •