- EPSS 1.41%
- Veröffentlicht 05.12.2005 11:03:00
- Zuletzt bearbeitet 16.06.2026 22:18:04
The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
CVE-2005-3251
- EPSS 1.9%
- Veröffentlicht 17.10.2005 20:06:00
- Zuletzt bearbeitet 16.06.2026 22:16:34
Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter.
CVE-2005-2734
- EPSS 1.72%
- Veröffentlicht 30.08.2005 11:45:00
- Zuletzt bearbeitet 16.06.2026 22:15:34
Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
CVE-2005-2596
- EPSS 0.38%
- Veröffentlicht 17.08.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:15:16
User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries.
- EPSS 1.43%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:43
main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message.
- EPSS 1.61%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:43
Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVE-2005-0219
- EPSS 1.35%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:43
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6)...
CVE-2005-0221
- EPSS 1.4%
- Veröffentlicht 17.01.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:43
Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field.
CVE-2004-1106
- EPSS 1.48%
- Veröffentlicht 10.01.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:07:02
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
- EPSS 7.35%
- Veröffentlicht 31.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:09:03
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than C...