I noticed that this error (HTTP 406) mostly occurs on servers which are running the ModSecurity tools. There is an item in the blacklist which will prevent items uploaded with the Shockwave mime-type to be saved to the server as a prevention against hacking. All you need to do is whitelist this rule on the server for the affected line. Your hosting company should be able to do this for you if they are worth their salt.

Here is an outline for cpanel for all you web hosters who got asked to do this and want to be worth your salt;)

First, trip the rule yourself by trying to upload a file through the flash uploader. Check the error messages on the server relating to ModSecurity:
     

tail -n100 /usr/local/apache/logs/error_log | grep ModSec

You should find something like this:
     

[Fri May 25 09:41:26 2012] [error] [client 123.45.67.89] ModSecurity: Access denied with code 406 (phase 2). Pattern match "^Shockwave Flash" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "203"] [hostname "images.domain.com"] [uri "/admin/include/uploadify/uploadify.php"] [unique_id "T7@MBTIcTDQAAH21mHoAAAAG"]

406, eh? Sounds familiar. This tells you which script tripped the rule (/admin/include/uploadify/uploadify.php, starting from the docroot), and where the rule is located (/usr/local/apache/conf/modsec2.user.conf). As this error message did not include an ID, you will need to add one to the modsec2.user.conf file (on line 203, as it states). Here is the old line:
     

SecRule HTTP_User-Agent  "^Shockwave Flash"

And the new line:
     

SecRule HTTP_User-Agent  "^Shockwave Flash" "id:1234567"

I picked an arbitrary number higher than 1000000 to prevent myself from overlapping any other numbered rules. Finally, add an exception to the rule in the whilelist document, which for cpanel servers is in /usr/local/apache/conf/modsec2/whitelist.conf:
     

<LocationMatch "/admin/include/uploadify/uploadify.php">
secruleremovebyid 1234567
</LocationMatch>

This will keep the Shockwave rule in place for the remainder of the server, but turn it off just for this one php script. Restart apache:
     

service httpd restart

Finally, test the uploads and make sure they work! If you're still having errors, check for new ModSec rules in the error log. As you can tell from the error message, I accessed piwigo from a subdomain. If you access the piwigo site in more than one way (like from images.domain.com or from domain.com/images), then you will need to add another LocationMatch entry in the whitelist for the same script, but starting with /images/admin... to catch this location as well.

Enjoy mass multiple file uploads :)