Lucene search
K
Gallery ProjectGallery

28 matches found

CVE
CVE
added 2005/02/06 5:0 a.m.753 views

CVE-2005-0219

CVE-2005-0219 : The connected sources describe multiple XSS vulnerabilities in Gallery 1.3.4-pl1, allowing remote attackers to inject arbitrary script/HTML via fields in add_comment.php (index), slideshow_low.php (set_albumName, slide_index, slide_full, slide_loop, slide_pause, slide_dir), and se...

4.3CVSS5.7AI score0.01352EPSS
CVE
CVE
added 2020/01/22 6:3 p.m.105 views

CVE-2012-4919

The CVE-2012-4919 entry applies to the WordPress Gallery Plugin (Gallery Plugin for WordPress). The vulnerability is a Remote File Inclusion via the load parameter of the update_order.php script, caused by insufficient input validation. This allows an unauthenticated, remote attacker to include a...

9.8CVSS9.5AI score0.0286EPSS
Web
CVE
CVE
added 2005/10/17 4:0 a.m.94 views

CVE-2005-3251

CVE-2005-3251 is a directory traversal flaw in Gallery 2.0 (G2) where the g2_itemId parameter of main.php can be crafted by an attacker to read/include arbitrary files. Multiple OpenVAS/Nessus-derived feeds corroborate a read-access vulnerability affecting Gallery 2.x deployments, with the issue ...

6.4CVSS6.6AI score0.01901EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.90 views

CVE-2004-1106

CVE-2004-1106 affects Gallery up to version 1.4.4-pl3, with the vulnerability located in index.php include handling. The issue is a cross-site scripting (XSS) flaw that lets remote attackers provide specially formed URLs to inject arbitrary web script or HTML, via the include parameter, potential...

6.8CVSS5.9AI score0.01477EPSS
CVE
CVE
added 2005/08/16 4:0 a.m.80 views

CVE-2003-1227

Technical details for CVE-2003-1227 are not provided in the supplied documents. Please monitor for updates from official advisories and vendor notices.

7.5CVSS7AI score0.06663EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.79 views

CVE-2002-1412

CVE-2002-1412 affects Gallery (Gallery project photo album) prior to 1.3.1. Affected component is the GALLERY_BASEDIR handling in the Gallery codebase. The underlying issue allows local and possibly remote attackers to execute arbitrary code by supplying a modified GALLERY_BASEDIR that points to ...

7.5CVSS7.3AI score0.39498EPSS
CVE
CVE
added 2004/06/08 4:0 a.m.78 views

CVE-2004-0522

CVE-2004-0522 affects Gallery; multiple OpenVAS entries document a remote authentication bypass that lets an attacker gain administrator privileges. Vulnerable are Gallery versions up to 1.4.3 (and variants prior to 1.4.3-pl1 per Nessus notes) with a network-based attack surface (CVSS v2 base 10....

10CVSS6.6AI score0.02831EPSS
CVE
CVE
added 2005/05/27 4:0 a.m.72 views

CVE-2004-2124

The CVE-2004-2124 entry describes a PHP remote file inclusion vulnerability in Gallery versions 1.3.1–1.4.1 caused by the register_globals simulation capability that lets an attacker modify HTTP_POST_VARS and trigger inclusion via the GALLERY_BASEDIR parameter. This is a distinct issue from CVE-2...

5CVSS6.3AI score0.07353EPSS
CVE
CVE
added 2006/01/21 12:0 a.m.71 views

CVE-2006-0330

CVE-2006-0330 is an XSS vulnerability in the Gallery web application (gallery) affecting user registration fields (notably fullname). The issue is publicly documented across multiple advisories (Debian, Gentoo GLSA, OSS, etc.), with an explicit remediation path: upgrade Gallery to version 1.5.2 o...

4.3CVSS5.6AI score0.01843EPSS
CVE
CVE
added 2006/03/09 10:0 p.m.67 views

CVE-2006-1127

CVE-2006-1127 describes a cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2. A remote attacker can inject arbitrary script/HTML through the X-Forwarded-For header when adding a comment to an album. Reported sources (e.g., Exploit-DB/Nessus entries) corroborate multiple Gallery 2 v...

4.3CVSS5.6AI score0.0248EPSS
CVE
CVE
added 2005/08/17 4:0 a.m.65 views

CVE-2005-2596

CVE-2005-2596 concerns a programming error in the Gallery component used with Postnuke that allows any user with Admin privileges to access all galleries. Open-source advisories and Debian security notes describe a remote-attack surface stemming from a bug in the gallery code that grants full gal...

4.6CVSS6.5AI score0.00379EPSS
CVE
CVE
added 2006/03/09 10:0 p.m.64 views

CVE-2006-1128

CVE-2006-1128 is a directory traversal vulnerability in Gallery 2 (up to 2.0.2) where the session value from a cookie is used to build file paths before sanitization, allowing remote attackers to access and delete files. Connected sources confirm the affected component is GallerySession.class and...

6.4CVSS6.6AI score0.03918EPSS
CVE
CVE
added 2005/02/06 5:0 a.m.63 views

CVE-2005-0220

The CVE-2005-0220 entry concerns Gallery (affected: Gallery 1.4.4-pl2) with a cross-site scripting vulnerability in login.php where the username field is not properly sanitized. The underlying issue allows remote attackers to inject arbitrary script/HTML via the username parameter, enabling poten...

5CVSS5.9AI score0.01611EPSS
CVE
CVE
added 2005/08/29 4:0 a.m.62 views

CVE-2005-2734

Gallery: XSS via EXIF data (CVE-2005-2734) affects Gallery 1.5.1-RC2 and earlier. An attacker can inject script/HTML through EXIF fields (e.g., Camera Model Tag). Debian/DSA-1148 and OpenVAS references indicate remote, pre-patch exposure; remediation is upgrading to fixed Gallery packages (e.g., ...

4.3CVSS5.6AI score0.01715EPSS
CVE
CVE
added 2003/08/01 4:0 a.m.59 views

CVE-2003-0614

CVE-2003-0614 is a cross-site scripting (XSS) vulnerability in Gallery (web-based photo album) affecting Gallery 1.1 through 1.3.4. The vulnerability resides in search.php, where unsanitized input from the searchstring parameter can be exploited to inject arbitrary JavaScript into a victim’s brow...

4.3CVSS5.7AI score0.03939EPSS
CVE
CVE
added 2006/02/08 1:0 a.m.57 views

CVE-2006-0587

Affected software. Gallery versions prior to 1.5.2-pl2. Vulnerability. An unspecified issue in util.php allows remote authenticated users to trick an owner into modifying stored album data and possibly execute arbitrary code via a crafted link to a crafted file. Impact. As described, potential ar...

6.5CVSS6.6AI score0.02675EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.56 views

CVE-2001-1234

CVE-2001-1234 affects Bharat Mediratta’s Gallery PHP script (versions before 1.2.1). A remote file inclusion flaw in the includedir parameter allows an attacker to include arbitrary remote files, enabling remote code execution with the web server’s privileges. The issue is documented by a Nessus ...

7.5CVSS7.8AI score0.03504EPSS
CVE
CVE
added 2005/11/16 7:37 a.m.55 views

CVE-2002-2130

CVE-2002-2130 affects Gallery 1.3.2, specifically the publish_xp_docs.php module. The root cause is that the GALLERY_BASEDIR parameter can be modified to reference a URL on a remote web server that contains code, allowing remote attackers to execute arbitrary PHP code. Impact is described as remo...

7.5CVSS8AI score0.0159EPSS
CVE
CVE
added 2006/03/14 2:0 a.m.54 views

CVE-2006-1219

Vulnerability summary (CVE-2006-1219) : A directory traversal / local file inclusion flaw affects Gallery 2.0.3 and earlier, and 2.1 before RC-2a. The issue allows an attacker to cause the application to include arbitrary PHP files via dot-dot sequences in the stepOrder parameter sent to (1) upgr...

5CVSS6.9AI score0.03747EPSS
Web
CVE
CVE
added 2005/08/16 4:0 a.m.53 views

CVE-2002-2123

The CVE-2002-2123 entry concerns Gallery 1.3.2’s publish_xp_docs.php PHP remote file inclusion vulnerability. An attacker can specify a URL to an init.php in the GALLERY_BASEDIR parameter, enabling arbitrary PHP code execution on the affected system. The affected software/function is publish_xp_d...

7.5CVSS7.4AI score0.02357EPSS
CVE
CVE
added 2005/02/06 5:0 a.m.53 views

CVE-2005-0222

The CVE-2005-0222 entry concerns Gallery 2.0 Alpha where main.php exposes sensitive path information via the g2_subView parameter, enabling remote information disclosure. The underlying issue is a lack of proper validation/error handling that reveals the file path in an error message when g2_subV...

5CVSS6.5AI score0.01425EPSS
CVE
CVE
added 2006/08/16 9:0 p.m.53 views

CVE-2006-4030

CVE-2006-4030 affects Gallery (1.5.1-RC2 and earlier) where missing input sanitising in the stats module allows information disclosure. OpenVAS Debian DSAs confirm the issue as one of several remote vulnerabilities; the CVSS base score is 5.0 (Partial confidentiality impact, network access, no au...

5CVSS6.1AI score0.01499EPSS
CVE
CVE
added 2005/12/05 11:0 a.m.52 views

CVE-2005-4023

The Gallery 2.0 ZipCart module contains an unspecified vulnerability in versions before 2.0.2 that allows an unauthenticated, remote attacker to read arbitrary files, subject to web server user privileges. Exploitation requires the ZipCart module to be installed and active; the vectors are not di...

5CVSS6.7AI score0.01425EPSS
CVE
CVE
added 2005/02/13 5:0 a.m.49 views

CVE-2004-1466

CVE-2004-1466 affects Gallery. Vulnerable in the upload handling where save_photos.php stores uploads in a temporary directory; if that directory is under the webroot, a remote attacker could upload a PHP file and, within a 30‑second window before deletion, execute arbitrary code. The issue is tr...

7.5CVSS7.3AI score0.05233EPSS
CVE
CVE
added 2005/02/06 5:0 a.m.48 views

CVE-2005-0221

Affected software: Gallery 2.0 Alpha (Gallery login.php). Vulnerability: Cross-site scripting (XSS) via g2_form[subject]. Root cause: user-supplied input in login form is not properly sanitized, allowing injection of arbitrary HTML/script. Impact: remote attacker could exploit to run script in a ...

4.3CVSS5.7AI score0.01398EPSS
CVE
CVE
added 2006/03/09 10:0 p.m.48 views

CVE-2006-1126

Gallery 2 up to 2.0.2 has an IP-spoofing flaw where a remote attacker can spoof X-Forwarded-For, which is trusted over REMOTE_ADDR. Affected: Gallery 2.x prior to 2.0.3. Root cause: server uses X_FORWARDED_FOR in IP checks. Impact: potential partial confidentiality/integrity exposure; possible fo...

6.4CVSS6.6AI score0.0154EPSS
CVE
CVE
added 2005/12/05 11:0 a.m.45 views

CVE-2005-4021

CVE-2005-4021 affects Gallery 2.0 before 2.0.2. The install log is stored under the web document root with insufficient access control, enabling a remote attacker to retrieve sensitive information via a simple GET request. Nessus plugin NASL-21019 corroborates that the installation data directory...

5CVSS6.6AI score0.01409EPSS
CVE
CVE
added 2006/04/11 10:0 a.m.39 views

CVE-2006-1696

Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 is reported. The issue allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. Affected product: Gallery (phased before 1.5.3). CVSS v2 base score 4.3 (Medium) with Network attack vector, low to me...

4.3CVSS5.7AI score0.01299EPSS