Page 9 of 51 results (0.004 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules. Múltiples vulnerabilidades no especificadas en Gallery anterior a 2.2.3 permite a atacantes (1) renombrar artículos, (2) leer y modificar propiedades de artículos, o (3) ver y reemplazar artículos mediante vectores no especificados en (a) el módulo WebDAV; y (4) editar información de ficheros no especificados utilizando "artículos enlazados" en WebDAV y (b) módulos Reupload. • http://bugs.gentoo.org/show_bug.cgi?id=191587 http://gallery.menalto.com/gallery_2.2.3_released http://osvdb.org/41657 http://osvdb.org/41658 http://secunia.com/advisories/26716 http://secunia.com/advisories/26719 http://secunia.com/advisories/27502 http://secunia.com/advisories/27594 http://security.gentoo.org/glsa/glsa-200711-03.xml http://www.debian.org/security/2007/dsa-1404 http://www.securityfocus.com/bid/25580 http://www.vupen.com/english/advisories&#x • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0

Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." Vulnerabilidad no especificada en el módulo de estadísticas en Gallery 1.5.1-RC2 y anteriores permite a atacantes remotos obtener información sensible a través de vectores de ataque desconocidos, relacionados con "dos bugs de exposición de archivos". • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 http://secunia.com/advisories/16594 http://secunia.com/advisories/21502 http://www.debian.org/security/2006/dsa-1148 http://www.securityfocus.com/bid/19453 http://www.vupen.com/english/advisories/2006/3250 •

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0

Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://secunia.com/advisories/19580 http://sourceforge.net/project/shownotes.php?release_id=408602&group_id=7130 http://www.osvdb.org/24466 http://www.securityfocus.com/bid/17437 http://www.vupen.com/english/advisories/2006/1285 https://exchange.xforce.ibmcloud.com/vulnerabilities/25707 •

CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0

Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file. Vulnerabilidad no especificada en util.php de Gallery anteriores a 1.5.2-pl12 permite a usuarios remotos autenticados engañar a un propietario para modificar datos de álbumes almacenados y posiblemente ejecutar código de su elección mediante vectores no especificados que conllevan un enlace artesanal a un fichero artesanal. • http://archives.neohapsis.com/archives/bugtraq/2006-02/0224.html http://archives.neohapsis.com/archives/bugtraq/2006-02/0286.html http://gallery.menalto.com/gallery_1_5_2_pl2_security_release http://secunia.com/advisories/18735 http://securitytracker.com/id?1015641 http://www.digitalarmaments.com/2006140293402395.html http://www.osvdb.org/22944 http://www.osvdb.org/23256 http://www.securityfocus.com/bid/16533 https://exchange.xforce.ibmcloud.com/vulnerabilities/24538 https://exchang •

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0

Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 http://gallery.menalto.com/page/gallery_1_5_2_release http://secunia.com/advisories/18557 http://secunia.com/advisories/18627 http://secunia.com/advisories/21502 http://www.gentoo.org/security/en/glsa/glsa-200601-13.xml http://www.osvdb.org/22660 http://www.securityfocus.com/bid/16334 http://www.us.debian.org/security/2006/dsa-1148 http://www.vupen.com/english/advisories/2006/0282 https://exchange.xforc •