CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 1CVE-2007-2715 – Snaps! Gallery 1.4.4 - Remote User Pass Change
https://notcve.org/view.php?id=CVE-2007-2715
Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action. Admin/users.php en el Snaps! Gallery 1.4.4 permite a atacantes remotos cambiar nombres de usuario y contraseñas de su elección a través de los parámetros (1) username o (2) password y password2 en una acción de edición. • https://www.exploit-db.com/exploits/3900 http://0day.2600.ir/exploits/3900 http://www.securityfocus.com/bid/23940 http://www.vupen.com/english/advisories/2007/1781 https://exchange.xforce.ibmcloud.com/vulnerabilities/34300 •
CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0CVE-2006-4030
https://notcve.org/view.php?id=CVE-2006-4030
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." Vulnerabilidad no especificada en el módulo de estadísticas en Gallery 1.5.1-RC2 y anteriores permite a atacantes remotos obtener información sensible a través de vectores de ataque desconocidos, relacionados con "dos bugs de exposición de archivos". • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 http://secunia.com/advisories/16594 http://secunia.com/advisories/21502 http://www.debian.org/security/2006/dsa-1148 http://www.securityfocus.com/bid/19453 http://www.vupen.com/english/advisories/2006/3250 •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2006-1696
https://notcve.org/view.php?id=CVE-2006-1696
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://secunia.com/advisories/19580 http://sourceforge.net/project/shownotes.php?release_id=408602&group_id=7130 http://www.osvdb.org/24466 http://www.securityfocus.com/bid/17437 http://www.vupen.com/english/advisories/2006/1285 https://exchange.xforce.ibmcloud.com/vulnerabilities/25707 •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2006-0587
https://notcve.org/view.php?id=CVE-2006-0587
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file. Vulnerabilidad no especificada en util.php de Gallery anteriores a 1.5.2-pl12 permite a usuarios remotos autenticados engañar a un propietario para modificar datos de álbumes almacenados y posiblemente ejecutar código de su elección mediante vectores no especificados que conllevan un enlace artesanal a un fichero artesanal. • http://archives.neohapsis.com/archives/bugtraq/2006-02/0224.html http://archives.neohapsis.com/archives/bugtraq/2006-02/0286.html http://gallery.menalto.com/gallery_1_5_2_pl2_security_release http://secunia.com/advisories/18735 http://securitytracker.com/id?1015641 http://www.digitalarmaments.com/2006140293402395.html http://www.osvdb.org/22944 http://www.osvdb.org/23256 http://www.securityfocus.com/bid/16533 https://exchange.xforce.ibmcloud.com/vulnerabilities/24538 https://exchang •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2006-0330
https://notcve.org/view.php?id=CVE-2006-0330
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 http://gallery.menalto.com/page/gallery_1_5_2_release http://secunia.com/advisories/18557 http://secunia.com/advisories/18627 http://secunia.com/advisories/21502 http://www.gentoo.org/security/en/glsa/glsa-200601-13.xml http://www.osvdb.org/22660 http://www.securityfocus.com/bid/16334 http://www.us.debian.org/security/2006/dsa-1148 http://www.vupen.com/english/advisories/2006/0282 https://exchange.xforc •