Page 9 of 47 results (0.010 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules. Múltiples vulnerabilidades no especificadas en Gallery anterior a 2.2.3 permite a atacantes (1) renombrar artículos, (2) leer y modificar propiedades de artículos, o (3) ver y reemplazar artículos mediante vectores no especificados en (a) el módulo WebDAV; y (4) editar información de ficheros no especificados utilizando "artículos enlazados" en WebDAV y (b) módulos Reupload. • http://bugs.gentoo.org/show_bug.cgi?id=191587 http://gallery.menalto.com/gallery_2.2.3_released http://osvdb.org/41657 http://osvdb.org/41658 http://secunia.com/advisories/26716 http://secunia.com/advisories/26719 http://secunia.com/advisories/27502 http://secunia.com/advisories/27594 http://security.gentoo.org/glsa/glsa-200711-03.xml http://www.debian.org/security/2007/dsa-1404 http://www.securityfocus.com/bid/25580 http://www.vupen.com/english/advisories&#x • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0

Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." Vulnerabilidad no especificada en el módulo de estadísticas en Gallery 1.5.1-RC2 y anteriores permite a atacantes remotos obtener información sensible a través de vectores de ataque desconocidos, relacionados con "dos bugs de exposición de archivos". • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 http://secunia.com/advisories/16594 http://secunia.com/advisories/21502 http://www.debian.org/security/2006/dsa-1148 http://www.securityfocus.com/bid/19453 http://www.vupen.com/english/advisories/2006/3250 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions. • http://marc.info/?l=bugtraq&m=111834146710329&w=2 http://www.gulftech.org/?node=research&article_id=00079-06092005 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 1

Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter. Vulnerabilidad en sitios cruzados en search.php de Gallery 1.1 a 1.3.4 permite a atacantes remotos insertar script web mediante el parámetro searchstring • https://www.exploit-db.com/exploits/22961 http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0 http://marc.info/?l=bugtraq&m=106252092421469&w=2 http://www.debian.org/security/2003/dsa-355 http://www.securityfocus.com/archive/1/330676 http://www.securityfocus.com/archive/1/348641/30/21790/threaded •

CVSS: 7.5EPSS: 19%CPEs: 1EXPL: 2

Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script. El paquete album de fotos Gallery anterior a 1.3.1permite a atacantes locales y posiblemente remotos ejecutar código arbitrario mediante una variable GALLERY_BASEDIR que apunta a un directorio o una URL que contiene un script php.ini que sea caballo de Troya. • https://www.exploit-db.com/exploits/21676 http://archives.neohapsis.com/archives/bugtraq/2002-07/0471.html http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=50&mode=thread&order=0&thold=0 http://www.debian.org/security/2002/dsa-138 http://www.securityfocus.com/bid/5375 https://exchange.xforce.ibmcloud.com/vulnerabilities/9737 •