Page 9 of 69 results (0.015 seconds)

CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0

Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." Vulnerabilidad no especificada en el módulo de estadísticas en Gallery 1.5.1-RC2 y anteriores permite a atacantes remotos obtener información sensible a través de vectores de ataque desconocidos, relacionados con "dos bugs de exposición de archivos". • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 http://secunia.com/advisories/16594 http://secunia.com/advisories/21502 http://www.debian.org/security/2006/dsa-1148 http://www.securityfocus.com/bid/19453 http://www.vupen.com/english/advisories/2006/3250 •

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0

Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://secunia.com/advisories/19580 http://sourceforge.net/project/shownotes.php?release_id=408602&group_id=7130 http://www.osvdb.org/24466 http://www.securityfocus.com/bid/17437 http://www.vupen.com/english/advisories/2006/1285 https://exchange.xforce.ibmcloud.com/vulnerabilities/25707 •

CVSS: 5.0EPSS: 3%CPEs: 14EXPL: 1

Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php. • https://www.exploit-db.com/exploits/1566 http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update http://secunia.com/advisories/19175 http://www.securityfocus.com/bid/17051 http://www.vupen.com/english/advisories/2006/0895 https://exchange.xforce.ibmcloud.com/vulnerabilities/25129 •

CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 0

Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR. • http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html http://gallery.menalto.com/gallery_2.0.3_released http://secunia.com/advisories/19104 http://securitytracker.com/id?1015717 http://www.gulftech.org/?node=research&article_id=00106-03022006 http://www.vupen.com/english/advisories/2006/0813 https://exchange.xforce.ibmcloud.com/vulnerabilities/25120 •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 1

Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album. • https://www.exploit-db.com/exploits/43837 http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html http://gallery.menalto.com/gallery_2.0.3_released http://secunia.com/advisories/19104 http://securitytracker.com/id?1015717 http://www.gulftech.org/?node=research&article_id=00106-03022006 http://www.osvdb.org/23596 http://www.securityfocus.com/bid/16940 http://www.vupen.com/english/advisories/2006/0813 https://exchange.xforce.ibmcloud.com/vulnerabilities/25117 •