CVE-2007-6692
https://notcve.org/view.php?id=CVE-2007-6692
Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules. Vulnerabilidad de redirección libre en Menalto Gallery, en versiones anteriores a la 2.2.4, permite que atacantes remotos redirijan a los usuarios a sitios web arbitrarios y lleven a cabo ataques de phising, a través de una URL en los módulos (1) Core y (2) print • http://bugs.gentoo.org/show_bug.cgi?id=203217 http://gallery.menalto.com/gallery_2.2.4_released http://osvdb.org/41660 http://osvdb.org/41661 http://secunia.com/advisories/28898 http://security.gentoo.org/glsa/glsa-200802-04.xml • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2007-4650
https://notcve.org/view.php?id=CVE-2007-4650
Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules. Múltiples vulnerabilidades no especificadas en Gallery anterior a 2.2.3 permite a atacantes (1) renombrar artículos, (2) leer y modificar propiedades de artículos, o (3) ver y reemplazar artículos mediante vectores no especificados en (a) el módulo WebDAV; y (4) editar información de ficheros no especificados utilizando "artículos enlazados" en WebDAV y (b) módulos Reupload. • http://bugs.gentoo.org/show_bug.cgi?id=191587 http://gallery.menalto.com/gallery_2.2.3_released http://osvdb.org/41657 http://osvdb.org/41658 http://secunia.com/advisories/26716 http://secunia.com/advisories/26719 http://secunia.com/advisories/27502 http://secunia.com/advisories/27594 http://security.gentoo.org/glsa/glsa-200711-03.xml http://www.debian.org/security/2007/dsa-1404 http://www.securityfocus.com/bid/25580 http://www.vupen.com/english/advisories • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-4030
https://notcve.org/view.php?id=CVE-2006-4030
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." Vulnerabilidad no especificada en el módulo de estadísticas en Gallery 1.5.1-RC2 y anteriores permite a atacantes remotos obtener información sensible a través de vectores de ataque desconocidos, relacionados con "dos bugs de exposición de archivos". • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 http://secunia.com/advisories/16594 http://secunia.com/advisories/21502 http://www.debian.org/security/2006/dsa-1148 http://www.securityfocus.com/bid/19453 http://www.vupen.com/english/advisories/2006/3250 •
CVE-2006-1696
https://notcve.org/view.php?id=CVE-2006-1696
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://secunia.com/advisories/19580 http://sourceforge.net/project/shownotes.php?release_id=408602&group_id=7130 http://www.osvdb.org/24466 http://www.securityfocus.com/bid/17437 http://www.vupen.com/english/advisories/2006/1285 https://exchange.xforce.ibmcloud.com/vulnerabilities/25707 •
CVE-2006-0587
https://notcve.org/view.php?id=CVE-2006-0587
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file. Vulnerabilidad no especificada en util.php de Gallery anteriores a 1.5.2-pl12 permite a usuarios remotos autenticados engañar a un propietario para modificar datos de álbumes almacenados y posiblemente ejecutar código de su elección mediante vectores no especificados que conllevan un enlace artesanal a un fichero artesanal. • http://archives.neohapsis.com/archives/bugtraq/2006-02/0224.html http://archives.neohapsis.com/archives/bugtraq/2006-02/0286.html http://gallery.menalto.com/gallery_1_5_2_pl2_security_release http://secunia.com/advisories/18735 http://securitytracker.com/id?1015641 http://www.digitalarmaments.com/2006140293402395.html http://www.osvdb.org/22944 http://www.osvdb.org/23256 http://www.securityfocus.com/bid/16533 https://exchange.xforce.ibmcloud.com/vulnerabilities/24538 https://exchang •