This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Menalto | First view | 2013-10-09 |
| Product | Gallery | Last view | 2013-10-09 |
| Version | 3.0.4 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:menalto:gallery | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5 | 2013-10-09 | CVE-2013-2241 | modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter. |
| 7.5 | 2013-10-09 | CVE-2013-2240 | lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138. |
| 7.5 | 2013-10-09 | CVE-2013-2138 | The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 50% (1) | CWE-20 | Improper Input Validation |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2013-07-18 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_9b037a0def2c11e2b4a08c705af55518.nasl - Type: ACT_GATHER_INFO |
| 2013-07-16 | Name: The remote Fedora host is missing a security update. File: fedora_2013-12384.nasl - Type: ACT_GATHER_INFO |
| 2013-07-16 | Name: The remote Fedora host is missing a security update. File: fedora_2013-12424.nasl - Type: ACT_GATHER_INFO |
| 2013-07-16 | Name: The remote Fedora host is missing a security update. File: fedora_2013-12441.nasl - Type: ACT_GATHER_INFO |
| 2013-07-03 | Name: The remote web server contains a PHP application that is affected by multiple... File: gallery_309.nasl - Type: ACT_GATHER_INFO |
| 2013-06-19 | Name: The remote web server contains a PHP application that is affected by multiple... File: gallery_308.nasl - Type: ACT_GATHER_INFO |
