CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2008-2722
https://notcve.org/view.php?id=CVE-2008-2722
Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive. Menalto Gallery anterior a 2.2.5, permite a atacantes remotos evitar permisos para sub-albums a través de un archivo ZIP. • http://gallery.menalto.com/gallery_2.2.5_released http://secunia.com/advisories/30650 http://secunia.com/advisories/30826 http://www.securityfocus.com/bid/29681 https://exchange.xforce.ibmcloud.com/vulnerabilities/43027 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2008-2723
https://notcve.org/view.php?id=CVE-2008-2723
embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address." embed.php de Menalto Gallery versiones anteriores a 2.2.5 permite a atacantes remotos obtener la ruta completa a través de vectores no conocidos relacionados a "suplantación de dirección remota". • http://gallery.menalto.com/gallery_2.2.5_released http://secunia.com/advisories/30650 http://secunia.com/advisories/30826 http://www.securityfocus.com/bid/29681 https://exchange.xforce.ibmcloud.com/vulnerabilities/43028 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2008-2724
https://notcve.org/view.php?id=CVE-2008-2724
Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions. Menalto Gallery anterior a 2.2.5 no hace cumplir los permisos para los elementos non-album que han sido protegidos con contraseña; esto puede permitir a atacantes remotos evitar las restricciones de acceso pretendidas. • http://gallery.menalto.com/gallery_2.2.5_released http://secunia.com/advisories/30650 http://secunia.com/advisories/30826 http://www.securityfocus.com/bid/29681 https://exchange.xforce.ibmcloud.com/vulnerabilities/43031 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2008-0614 – PhotoKorn Gallery 1.543 - 'pic' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0614
SQL injection vulnerability in index.php in Photokorn Gallery 1.543 allows remote attackers to execute arbitrary SQL commands via the pic parameter in a showpic action. Vulnerabilidad de inyección SQL en index.php en Photokorn Gallery 1.543. Permite a atacantes remotos ejecutar comandos SQL de su elección a tavés del parámetro pic en una acción showpic. • https://www.exploit-db.com/exploits/5065 http://www.securityfocus.com/bid/27627 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6688
https://notcve.org/view.php?id=CVE-2007-6688
Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder." Vulnerabilidad no especificada en la aplicación de instalacón en Menalto Gallery, en versiones anteriores a la 2.2.4. Tiene un impacto desconocido y vectores de ataque relacionados con "Proteccion de la accesibilidad web del directorio de almacenamiento" • http://bugs.gentoo.org/show_bug.cgi?id=203217 http://gallery.menalto.com/gallery_2.2.4_released http://osvdb.org/41670 http://secunia.com/advisories/28898 http://security.gentoo.org/glsa/glsa-200802-04.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/39987 •