43 matches found
EUVD-2012-4286
Malware in sbrugna...
EUVD-2012-4287
Malware in sbrugna...
EUVD-2013-2192
Malware in sbrugna...
EUVD-2013-2103
Malware in sbrugna...
EUVD-2013-2062
Malware in sbrugna...
CVE-2012-4342
Multiple cross-site scripting XSS vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-4343
Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors...
CVE-2013-2087
Multiple cross-site scripting XSS vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 movie title to modules/gallery/controllers/movies.php or 2 key variable to modules/gallery/views/erroradmin.html.php...
CVE-2013-2087
Multiple cross-site scripting XSS vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 movie title to modules/gallery/controllers/movies.php or 2 key variable to modules/gallery/views/erroradmin.html.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 movie title to modules/gallery/controllers/movies.php or 2 key variable to modules/gallery/views/erroradmin.html.php...
CVE-2013-2087
Multiple cross-site scripting XSS vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 movie title to modules/gallery/controllers/movies.php or 2 key variable to modules/gallery/views/erroradmin.html.php...
CVE-2013-2087
CVE-2013-2087 vulnerabilities affect Gallery 3 up to version 3.0.6 (before 3.0.7). The issue arises from two XSS vectors: (1) the movie title passed to modules/gallery/controllers/movies.php and (2) the key variable used in modules/gallery/views/error_admin.html.php. Successful exploitation allow...
CVE-2013-2240
lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138...
CVE-2013-2138
The 1 uploadify and 2 flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack...
Design/Logic Flaw
modules/gallery/helpers/datarest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information image files via the "full" string in the size parameter...
Design/Logic Flaw
The 1 uploadify and 2 flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack...
CVE-2013-2138
The 1 uploadify and 2 flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack...
Security feature bypass
lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138...
CVE-2013-2240
lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138...
CVE-2013-2241
modules/gallery/helpers/datarest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information image files via the "full" string in the size parameter...