Search CVE reports


1 – 10 of 49 results


CVE-2011-1028

Medium priority
Ignored

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.

3 affected packages

gallery2, moodle, smarty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery2 Not in release
moodle Not affected
smarty Not in release

CVE-2014-8350

Medium priority
Ignored

Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.

4 affected packages

gallery2, moodle, smarty, smarty3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery2 Not in release Not in release
moodle Not affected Not affected
smarty Not in release Not in release
smarty3 Not affected Not affected

CVE-2013-2087

Medium priority
Ignored

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to modules/gallery/controllers/movies.php or (2) key variable to...

1 affected package

gallery

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery Not in release

CVE-2013-2138

Medium priority
Not affected

The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.

2 affected packages

gallery, gallery2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery
gallery2

CVE-2012-4437

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.

4 affected packages

gallery2, moodle, smarty, smarty3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery2 Not in release
moodle Not affected
smarty Not in release
smarty3 Not affected

CVE-2012-4343

Medium priority
Not affected

Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors.

2 affected packages

gallery, gallery2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery
gallery2

CVE-2012-4342

Medium priority
Not affected

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2 affected packages

gallery, gallery2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery
gallery2

CVE-2012-2405

Medium priority
Ignored

Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113.

1 affected package

gallery2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery2 Not in release

CVE-2012-1113

Medium priority
Ignored

Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

1 affected package

gallery2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery2 Not in release

CVE-2012-1066

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in the template module in SmartyCMS 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the title bar.

3 affected packages

gallery2, moodle, smarty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery2 Not in release
moodle Not affected
smarty Not in release