Gallery Project

Gallery

28 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2012-4919

  • EPSS 1.87%
  • Published 22.01.2020 19:15:10
  • Last modified 21.11.2024 01:43:45

Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability

5

CVE-2006-4030

  • EPSS 0.65%
  • Published 16.08.2006 22:04:00
  • Last modified 03.04.2025 01:03:51

Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs."

4.3

CVE-2006-1696

  • EPSS 0.53%
  • Published 11.04.2006 10:02:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

5

CVE-2006-1219

  • EPSS 10.28%
  • Published 14.03.2006 02:02:00
  • Last modified 03.04.2025 01:03:51

Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.

6.4

CVE-2006-1128

  • EPSS 9.7%
  • Published 09.03.2006 22:02:00
  • Last modified 03.04.2025 01:03:51

Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before ...

4.3

CVE-2006-1127

  • EPSS 4.93%
  • Published 09.03.2006 22:02:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.

6.4

CVE-2006-1126

  • EPSS 0.76%
  • Published 09.03.2006 22:02:00
  • Last modified 03.04.2025 01:03:51

Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.

6.5

CVE-2006-0587

  • EPSS 2.21%
  • Published 08.02.2006 01:02:00
  • Last modified 03.04.2025 01:03:51

Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a craft...

4.3

CVE-2006-0330

  • EPSS 1.35%
  • Published 21.01.2006 00:03:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).

5

CVE-2005-4023

  • EPSS 0.4%
  • Published 05.12.2005 11:03:00
  • Last modified 03.04.2025 01:03:51

Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors.