Every CVE whose affected-product data names Menalto Gallery, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2007-6688 — CVSS 10.0 (critical): Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to…
CVE-2012-2405 — CVSS 10.0 (critical): Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a…
CVE-2007-6690 — CVSS 10.0 (critical): The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact…
CVE-2007-6691 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL…
CVE-2007-6686 — CVSS 10.0 (critical): The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors…
CVE-2008-2722 — CVSS 7.5 (high): Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive.
CVE-2013-2138 — CVSS 7.5 (high): The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which…
CVE-2013-2240 — CVSS 7.5 (high): lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an…
CVE-2012-4343 — CVSS 7.5 (high): Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors.
CVE-2007-6689 — CVSS 7.5 (high): Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute…
CVE-2008-3600 — CVSS 6.8 (medium): Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows…
CVE-2007-6692 — CVSS 6.4 (medium): Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct…
CVE-2010-4353 — CVSS 6.0 (medium): Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote…
CVE-2013-2241 — CVSS 5.0 (medium): modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain…
CVE-2008-2721 — CVSS 5.0 (medium): Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden…
CVE-2008-2723 — CVSS 5.0 (medium): embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the…
CVE-2008-2724 — CVSS 5.0 (medium): Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow…
CVE-2012-4342 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML…
CVE-2012-1113 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow…
CVE-2008-2720 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2007-6687 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script…