Filtered by vendor Menalto
Subscribe
Total
23 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4342 | 1 Menalto | 1 Gallery | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-1113 | 2 Maian, Menalto | 2 Gallery, Gallery | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-2138 | 1 Menalto | 1 Gallery | 2023-12-10 | 7.5 HIGH | N/A |
The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack. | |||||
CVE-2013-2240 | 1 Menalto | 1 Gallery | 2023-12-10 | 7.5 HIGH | N/A |
lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138. | |||||
CVE-2012-4343 | 1 Menalto | 1 Gallery | 2023-12-10 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors. | |||||
CVE-2013-2241 | 1 Menalto | 1 Gallery | 2023-12-10 | 5.0 MEDIUM | N/A |
modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter. | |||||
CVE-2012-2405 | 2 Maian, Menalto | 2 Gallery, Gallery | 2023-12-10 | 10.0 HIGH | N/A |
Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113. | |||||
CVE-2010-4353 | 1 Menalto | 1 Gallery | 2023-12-10 | 6.0 MEDIUM | N/A |
Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
CVE-2008-3600 | 1 Menalto | 1 Gallery | 2023-12-10 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action. | |||||
CVE-2008-2722 | 1 Menalto | 1 Gallery | 2023-12-10 | 7.5 HIGH | N/A |
Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive. | |||||
CVE-2008-2720 | 1 Menalto | 1 Gallery | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL. | |||||
CVE-2008-2724 | 1 Menalto | 1 Gallery | 2023-12-10 | 5.0 MEDIUM | N/A |
Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions. | |||||
CVE-2008-2721 | 1 Menalto | 1 Gallery | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album. | |||||
CVE-2008-2723 | 1 Menalto | 1 Gallery | 2023-12-10 | 5.0 MEDIUM | N/A |
embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address." | |||||
CVE-2007-6685 | 1 Menalto | 1 Gallery Publish Xp Module | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors. | |||||
CVE-2007-6690 | 1 Menalto | 1 Gallery | 2023-12-10 | 10.0 HIGH | N/A |
The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors. | |||||
CVE-2007-6688 | 1 Menalto | 1 Gallery | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder." | |||||
CVE-2007-6687 | 1 Menalto | 1 Gallery | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module. | |||||
CVE-2007-6693 | 1 Menalto | 1 Gallery Webcam Module | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request." | |||||
CVE-2007-6691 | 1 Menalto | 1 Gallery | 2023-12-10 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules. |