Search CVE reports
1 – 10 of 49 results
CVE-2011-1028
Medium priority
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
3 affected packages
gallery2, moodle, smarty
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gallery2 | — | — | — | — | Not in release |
moodle | — | — | — | — | Not affected |
smarty | — | — | — | — | Not in release |
CVE-2014-8350
Medium priority
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
4 affected packages
gallery2, moodle, smarty, smarty3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gallery2 | — | — | — | Not in release | Not in release |
moodle | — | — | — | Not affected | Not affected |
smarty | — | — | — | Not in release | Not in release |
smarty3 | — | — | — | Not affected | Not affected |
CVE-2013-2087
Medium priority
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to modules/gallery/controllers/movies.php or (2) key variable to...
1 affected package
gallery
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gallery | — | — | — | — | Not in release |
CVE-2013-2138
Medium priority
The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.
2 affected packages
gallery, gallery2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gallery | — | — | — | — | — |
gallery2 | — | — | — | — | — |
CVE-2012-4437
Medium priority
Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.
4 affected packages
gallery2, moodle, smarty, smarty3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gallery2 | — | — | — | — | Not in release |
moodle | — | — | — | — | Not affected |
smarty | — | — | — | — | Not in release |
smarty3 | — | — | — | — | Not affected |
CVE-2012-4343
Medium priority
Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors.
2 affected packages
gallery, gallery2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gallery | — | — | — | — | — |
gallery2 | — | — | — | — | — |
CVE-2012-4342
Medium priority
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2 affected packages
gallery, gallery2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gallery | — | — | — | — | — |
gallery2 | — | — | — | — | — |
CVE-2012-2405
Medium priority
Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113.
1 affected package
gallery2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gallery2 | — | — | — | — | Not in release |
CVE-2012-1113
Medium priority
Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1 affected package
gallery2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gallery2 | — | — | — | — | Not in release |
CVE-2012-1066
Medium priority
Cross-site scripting (XSS) vulnerability in the template module in SmartyCMS 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the title bar.
3 affected packages
gallery2, moodle, smarty
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gallery2 | — | — | — | — | Not in release |
moodle | — | — | — | — | Not affected |
smarty | — | — | — | — | Not in release |