Show filters
21 Total Results
Displaying 11-20 of 21
Sort by:
Attacker Value
Unknown

CVE-2009-1911

Disclosure Date: June 04, 2009 (last updated October 04, 2023)
Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php.
0
0
Attacker Value
Unknown

CVE-2008-4531

Disclosure Date: October 09, 2008 (last updated October 04, 2023)
SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338.
0
0
Attacker Value
Unknown

CVE-2008-4530

Disclosure Date: October 09, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers.
0
0
Attacker Value
Unknown

CVE-2008-4167

Disclosure Date: September 22, 2008 (last updated October 04, 2023)
useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account.
0
0
Attacker Value
Unknown

CVE-2008-2724

Disclosure Date: June 16, 2008 (last updated October 04, 2023)
Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions.
0
0
Attacker Value
Unknown

CVE-2008-2721

Disclosure Date: June 16, 2008 (last updated October 04, 2023)
Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album.
0
0
Attacker Value
Unknown

CVE-2008-2723

Disclosure Date: June 16, 2008 (last updated October 04, 2023)
embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address."
0
0
Attacker Value
Unknown

CVE-2008-2722

Disclosure Date: June 16, 2008 (last updated October 04, 2023)
Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive.
0
0
Attacker Value
Unknown

CVE-2008-2720

Disclosure Date: June 16, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL.
0
0
Attacker Value
Unknown

CVE-2006-1219

Disclosure Date: March 14, 2006 (last updated February 22, 2025)
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.
0
0
View More Topics  < Previous  Next >