Product:

Gallery

(Gallery_project)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 29
Date Id Summary Products Score Patch Annotated
2005-01-10 CVE-2004-1106 Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php. Gallery, Linux N/A
2006-02-08 CVE-2006-0587 Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file. Gallery N/A
2020-01-22 CVE-2012-4919 Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability Gallery N/A
2006-08-16 CVE-2006-4030 Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." Gallery N/A
2006-04-11 CVE-2006-1696 Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. Gallery N/A
2006-03-14 CVE-2006-1219 Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php. Gallery N/A
2006-03-09 CVE-2006-1128 Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized. Gallery N/A
2006-03-09 CVE-2006-1127 Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album. Gallery N/A
2006-03-09 CVE-2006-1126 Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR. Gallery N/A
2006-01-20 CVE-2006-0330 Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). Gallery N/A