Gallery@1.4 Security Vulnerabilities and Issues — Gallery@1.4 CVE List

Lucene search

Gallery ProjectGallery1.4

10 matches found

CVE•added 2020/01/22 7:15 p.m.•87 views

CVE-2012-4919

Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability

9.8CVSS9.5AI score0.01872EPSS

CVE•added 2005/01/10 5:0 a.m.•75 views

CVE-2004-1106

Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.

6.8CVSS5.9AI score0.01631EPSS

CVE•added 2005/08/16 4:0 a.m.•65 views

CVE-2003-1227

PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue m...

7.5CVSS7AI score0.16272EPSS

CVE•added 2004/08/06 4:0 a.m.•65 views

CVE-2004-0522

Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.

10CVSS6.6AI score0.00545EPSS

CVE•added 2005/05/27 4:0 a.m.•56 views

CVE-2004-2124

The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.

5CVSS6.3AI score0.16272EPSS

CVE•added 2006/01/21 12:3 a.m.•55 views

CVE-2006-0330

Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).

4.3CVSS5.6AI score0.01345EPSS

CVE•added 2005/08/30 11:45 a.m.•46 views

CVE-2005-2734

Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.

4.3CVSS5.6AI score0.00804EPSS

CVE•added 2006/02/08 1:2 a.m.•43 views

CVE-2006-0587

Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.

6.5CVSS6.6AI score0.02212EPSS

CVE•added 2006/08/16 10:4 p.m.•38 views

CVE-2006-4030

Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs."

5CVSS6.1AI score0.00622EPSS

CVE•added 2006/04/11 10:2 a.m.•25 views

CVE-2006-1696

Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.3CVSS5.7AI score0.00527EPSS