Search
Search Results (29 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1696 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2006-1127 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album. | ||||
| CVE-2003-1227 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation. | ||||
| CVE-2002-2123 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter. | ||||
| CVE-2004-0522 | 2 Debian, Gallery Project | 2 Debian Linux, Gallery | 2026-04-16 | N/A |
| Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges. | ||||
| CVE-2004-1106 | 2 Gallery Project, Gentoo | 2 Gallery, Linux | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php. | ||||
| CVE-2004-2124 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. | ||||
| CVE-2006-1126 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR. | ||||
| CVE-2012-4919 | 1 Gallery Project | 1 Gallery | 2024-11-21 | 9.8 Critical |
| Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability | ||||