43 matches found
EUVD-2012-4286
Malware in sbrugna...
EUVD-2013-2103
Malware in sbrugna...
EUVD-2013-2062
Malware in sbrugna...
EUVD-2012-4287
Malware in sbrugna...
EUVD-2013-2192
Malware in sbrugna...
CVE-2012-4342
Multiple cross-site scripting XSS vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-4343
Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors...
CVE-2013-2087
Multiple cross-site scripting XSS vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 movie title to modules/gallery/controllers/movies.php or 2 key variable to modules/gallery/views/erroradmin.html.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 movie title to modules/gallery/controllers/movies.php or 2 key variable to modules/gallery/views/erroradmin.html.php...
CVE-2013-2087
Multiple cross-site scripting XSS vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 movie title to modules/gallery/controllers/movies.php or 2 key variable to modules/gallery/views/erroradmin.html.php...
CVE-2013-2087
CVE-2013-2087 vulnerabilities affect Gallery 3 up to version 3.0.6 (before 3.0.7). The issue arises from two XSS vectors: (1) the movie title passed to modules/gallery/controllers/movies.php and (2) the key variable used in modules/gallery/views/error_admin.html.php. Successful exploitation allow...
CVE-2013-2087
Multiple cross-site scripting XSS vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 movie title to modules/gallery/controllers/movies.php or 2 key variable to modules/gallery/views/erroradmin.html.php...
CVE-2013-2240
lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138...
CVE-2013-2138
The 1 uploadify and 2 flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack...
Design/Logic Flaw
modules/gallery/helpers/datarest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information image files via the "full" string in the size parameter...
Security feature bypass
lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138...
Design/Logic Flaw
The 1 uploadify and 2 flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack...
CVE-2013-2138
The 1 uploadify and 2 flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack...
CVE-2013-2241
The CVE-2013-2241 issue affects Gallery3 before 3.0.9, where data_rest.php could bypass access restrictions via the size parameter with the string “full,” allowing an attacker to access sensitive image files. The vulnerability is rooted in improper access control checks in the data_rest core modu...
CVE-2013-2240
The CVE-2013-2240 issue affects Gallery 3, specifically the lib/flowplayer.swf.php component used in Gallery 3 prior to version 3.0.9. The vulnerability arises because query fragments are not properly removed, which could enable a remote attacker to achieve an unspecified impact via a replay atta...