Page 9 of 43 results (0.007 seconds)

CVSS: 6.8EPSS: 4%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Gallery 1.4.4-pl3 y anteriores permite a atacantes remotos ejecutar script web o HTML de su elección mediante "URL s especialmente malformadas", posiblemente mediante un parámetro include en index.php • http://g3cko.info/gallery2-4.patch http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=142&mode=thread&order=0&thold=0 http://www.debian.org/security/2005/dsa-642 http://www.gentoo.org/security/en/glsa/glsa-200411-10.xml http://www.securityfocus.com/bid/11602 https://exchange.xforce.ibmcloud.com/vulnerabilities/17948 •

CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0

Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges. Gallery 1.4.3 y anteriores permite a atacantes remotos saltarse la autenticación y obtener privilegios de administrador de Gallery. • http://secunia.com/advisories/11752 http://security.gentoo.org/glsa/glsa-200406-10.xml http://www.debian.org/security/2004/dsa-512 http://www.securityfocus.com/bid/10451 https://exchange.xforce.ibmcloud.com/vulnerabilities/16301 •

CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 3

PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation. • https://www.exploit-db.com/exploits/23238 http://www.securityfocus.com/archive/1/341044 http://www.securityfocus.com/archive/1/341094 http://www.securityfocus.com/archive/1/341098 http://www.securityfocus.com/bid/8814 https://exchange.xforce.ibmcloud.com/vulnerabilities/13419 • CWE-94: Improper Control of Generation of Code ('Code Injection') •