43 matches found
EUVD-2013-2062
Malware in sbrugna...
EUVD-2013-2103
Malware in sbrugna...
EUVD-2012-4287
Malware in sbrugna...
EUVD-2012-4286
Malware in sbrugna...
EUVD-2013-2192
Malware in sbrugna...
CVE-2012-4342
Multiple cross-site scripting XSS vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-4343
Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors...
CVE-2013-2087
Multiple cross-site scripting XSS vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 movie title to modules/gallery/controllers/movies.php or 2 key variable to modules/gallery/views/erroradmin.html.php...
CVE-2013-2087
Multiple cross-site scripting XSS vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 movie title to modules/gallery/controllers/movies.php or 2 key variable to modules/gallery/views/erroradmin.html.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 movie title to modules/gallery/controllers/movies.php or 2 key variable to modules/gallery/views/erroradmin.html.php...
CVE-2013-2087
Multiple cross-site scripting XSS vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 movie title to modules/gallery/controllers/movies.php or 2 key variable to modules/gallery/views/erroradmin.html.php...
CVE-2013-2087
CVE-2013-2087 vulnerabilities affect Gallery 3 up to version 3.0.6 (before 3.0.7). The issue arises from two XSS vectors: (1) the movie title passed to modules/gallery/controllers/movies.php and (2) the key variable used in modules/gallery/views/error_admin.html.php. Successful exploitation allow...
CVE-2013-2240
lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138...
CVE-2013-2138
The 1 uploadify and 2 flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack...
Design/Logic Flaw
modules/gallery/helpers/datarest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information image files via the "full" string in the size parameter...
CVE-2013-2138
The 1 uploadify and 2 flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack...
Security feature bypass
lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138...
Design/Logic Flaw
The 1 uploadify and 2 flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack...
CVE-2013-2241
The CVE-2013-2241 issue affects Gallery3 before 3.0.9, where data_rest.php could bypass access restrictions via the size parameter with the string “full,” allowing an attacker to access sensitive image files. The vulnerability is rooted in improper access control checks in the data_rest core modu...
CVE-2013-2240
lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138...