Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Gallery
(Gallery_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 29 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2005-01-10 | CVE-2004-1106 | Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php. | Gallery, Linux | N/A | ||
| 2006-02-08 | CVE-2006-0587 | Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file. | Gallery | N/A | ||
| 2020-01-22 | CVE-2012-4919 | Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability | Gallery | N/A | ||
| 2006-08-16 | CVE-2006-4030 | Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." | Gallery | N/A | ||
| 2006-04-11 | CVE-2006-1696 | Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | Gallery | N/A | ||
| 2006-03-14 | CVE-2006-1219 | Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php. | Gallery | N/A | ||
| 2006-03-09 | CVE-2006-1128 | Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized. | Gallery | N/A | ||
| 2006-03-09 | CVE-2006-1127 | Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album. | Gallery | N/A | ||
| 2006-03-09 | CVE-2006-1126 | Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR. | Gallery | N/A | ||
| 2006-01-20 | CVE-2006-0330 | Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). | Gallery | N/A |