Lucene search

Gallery Project: Gallery 2.0 beta1

6 matches found

added 2005/10/17 8:6 p.m. | 82 views

CVE-2005-3251

Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter.

CVSS: 6.4 | AI score: 6.6 | EPSS: 0.01598
added 2006/03/09 10:2 p.m. | 52 views

CVE-2006-1127

Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.04933
added 2006/03/09 10:2 p.m. | 47 views

CVE-2006-1128

Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.

CVSS: 6.4 | AI score: 6.6 | EPSS: 0.09702
added 2006/03/14 2:2 a.m. | 41 views

CVE-2006-1219

Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.

CVSS: 5 | AI score: 6.9 | EPSS: 0.08387
added 2005/12/05 11:3 a.m. | 38 views

CVE-2005-4023

Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors.

CVSS: 5 | AI score: 6.7 | EPSS: 0.00404
added 2005/12/05 11:3 a.m. | 30 views

CVE-2005-4021

The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.

CVSS: 5 | AI score: 6.6 | EPSS: 0.00346