gallery gallery 2.2.3 vulnerabilities and exploits
NA
CVE-2008-4129
Gallery prior to 1.5.9, and 2.x prior to 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) func...
Gallery Gallery 2.2.2
Gallery Gallery 2.2.0
Gallery Gallery 2.2.1
Gallery Gallery 2.2.4
Gallery Gallery 2.2.3
Gallery Gallery
NA
CVE-2008-4130
Cross-site scripting (XSS) vulnerability in Gallery 2.x prior to 2.2.6 allows remote malicious users to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to "interact with the embedding page."
Gallery Gallery 2.2.4
Gallery Gallery 2.2.3
Gallery Gallery 2.2.2
Gallery Gallery 2.2.1
Gallery Gallery 2.2.0
Gallery Gallery
NA
CVE-2008-3662
Gallery prior to 1.5.9, and 2.x prior to 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote malicious users to capture this cookie.
Gallery Gallery 2.2.1
Gallery Gallery 2.2.0
Gallery Gallery 2.2.3
Gallery Gallery 2.2.2
Gallery Gallery
Gallery Gallery 2.2.4
NA
CVE-2008-2721
Unspecified vulnerability in the album-select module in Menalto Gallery prior to 2.2.5 allows remote malicious users to obtain titles of hidden albums by attempting to add a new album to a hidden album.
Menalto Gallery 2.2.2
Menalto Gallery 2.2.3
Menalto Gallery
Menalto Gallery 2.1
Menalto Gallery 2.1.1
Menalto Gallery 2.1.2
Menalto Gallery 2.2.0
Menalto Gallery 2.2.1
NA
CVE-2008-2722
Menalto Gallery prior to 2.2.5 allows remote malicious users to bypass permissions for sub-albums via a ZIP archive.
Menalto Gallery 2.2.1
Menalto Gallery 2.2.2
Menalto Gallery 2.2.3
Menalto Gallery
Menalto Gallery 2.1
Menalto Gallery 2.1.1
Menalto Gallery 2.1.2
Menalto Gallery 2.2.0
NA
CVE-2008-2723
embed.php in Menalto Gallery prior to 2.2.5 allows remote malicious users to obtain the full path via unknown vectors related to "spoofing the remote address."
Menalto Gallery 2.2.0
Menalto Gallery 2.2.1
Menalto Gallery 2.2.2
Menalto Gallery 2.2.3
Menalto Gallery
Menalto Gallery 2.1
Menalto Gallery 2.1.1
Menalto Gallery 2.1.2
NA
CVE-2008-2720
Cross-site scripting (XSS) vulnerability in Menalto Gallery prior to 2.2.5 allows remote malicious users to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL.
Menalto Gallery 2.2.2
Menalto Gallery 2.2.3
Menalto Gallery 2.1
Menalto Gallery
Menalto Gallery 2.1.1
Menalto Gallery 2.1.2
Menalto Gallery 2.2.0
Menalto Gallery 2.2.1
NA
CVE-2008-2724
Menalto Gallery prior to 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote malicious users to bypass intended access restrictions.
Menalto Gallery 2.2.0
Menalto Gallery 2.2.1
Menalto Gallery 2.2.2
Menalto Gallery 2.2.3
Menalto Gallery 2.1
Menalto Gallery 2.2.4
Menalto Gallery 2.1.1
Menalto Gallery 2.1.2
NA
CVE-2010-4353
Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery prior to 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct ...
Menalto Gallery 2.1.1
Menalto Gallery 1.6
Menalto Gallery 2.1.2
Menalto Gallery 1.5.7
Menalto Gallery
Menalto Gallery 2.2.2
Menalto Gallery 2.1
Menalto Gallery 2.2.4
Menalto Gallery 2.2.0
Menalto Gallery 2.2.3
Menalto Gallery 2.2.1
NA
CVE-2007-4650
Multiple unspecified vulnerabilities in Gallery prior to 2.2.3 allow malicious users to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items...
Bharat Mediratta Gallery