VYPR

Gallery

by Invision Power Services

CVEs (26)

  • CVE-2005-1947MedJun 9, 2005
    risk 0.28cvss 4.3epss 0.00

    Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions.

  • CVE-2008-0421Jan 23, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command.

  • CVE-2006-5206Oct 10, 2006
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.

  • CVE-2006-5205Oct 10, 2006
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used.

  • CVE-2005-3395Nov 1, 2005
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter.

  • CVE-2005-1948Jun 9, 2005
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo.

  • CVE-2004-1835Dec 31, 2004
    risk 0.03cvss epss 0.05

    Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1) img, (2) cat, (3) sort_key, (4) order_key, (5) user, or (6) album parameters.

  • CVE-2023-52376Feb 18, 2024
    risk 0.00cvss epss 0.00

    Information management vulnerability in the Gallery module.Successful exploitation of this vulnerability may affect service confidentiality.

  • CVE-2024-20827Feb 6, 2024
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen.

  • CVE-2023-30725Sep 6, 2023
    risk 0.00cvss epss 0.00

    Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider.

  • CVE-2023-30724Sep 6, 2023
    risk 0.00cvss epss 0.00

    Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history.

  • CVE-2022-48513Jul 6, 2023
    risk 0.00cvss epss 0.00

    Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access.

  • CVE-2023-31225May 26, 2023
    risk 0.00cvss epss 0.00

    The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability.

  • CVE-2022-33706Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture.

  • CVE-2021-25379Apr 9, 2021
    risk 0.00cvss epss 0.00

    Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.

  • CVE-2016-11045Apr 7, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. The Gallery library allow memory corruption via a malformed image. The Samsung ID is SVE-2016-5317 (May 2016).

  • CVE-2019-20593Mar 24, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019).

  • CVE-2019-20623Mar 24, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. Gallery has uninitialized memory disclosure. The Samsung ID is SVE-2018-13060 (February 2019).

  • CVE-2019-20616Mar 24, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks a thumbnail of Private Mode content. The Samsung ID is SVE-2018-13563 (March 2019).

  • CVE-2019-20579Mar 24, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 (August 2019).

Page 1 of 2

VYPR — Vulnerability Intelligence