RSS   Vulnerabilities for 'Gallery'   RSS

2020-01-22
 
CVE-2012-4919

CWE-829
 

 
Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability

 
2006-08-16
 
CVE-2006-4030

 

 
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs."

 
2006-04-11
 
CVE-2006-1696

 

 
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

 
2006-03-13
 
CVE-2006-1219

 

 
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.

 
2006-03-09
 
CVE-2006-1128

 

 
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.

 
 
CVE-2006-1127

 

 
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.

 
 
CVE-2006-1126

 

 
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.

 
2006-02-07
 
CVE-2006-0587

 

 
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.

 
2006-01-20
 
CVE-2006-0330

 

 
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).

 
2005-12-05
 
CVE-2005-4023

CWE-Other
 

 
Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors.

 


Copyright 2024, cxsecurity.com

 

Back to Top