Vulnerabilities > Menalto > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-10-10 | CVE-2013-2240 | Unspecified vulnerability in Menalto Gallery lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138. | 7.5 |
| 2013-10-10 | CVE-2013-2138 | Improper Input Validation vulnerability in Menalto Gallery The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack. | 7.5 |
| 2012-08-15 | CVE-2012-4343 | Remote Security vulnerability in Gallery Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors. | 7.5 |
| 2008-06-16 | CVE-2008-2722 | Permissions, Privileges, and Access Controls vulnerability in Menalto Gallery Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive. | 7.5 |
| 2008-01-17 | CVE-2007-6689 | Improper Input Validation vulnerability in Menalto Gallery Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module. | 7.5 |