Gallery
CVEs (27)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2005-0220 | 0.00 | — | 0.01 | May 2, 2005 | Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field. | ||
| CVE-2005-0221 | 0.00 | — | 0.01 | Jan 17, 2005 | Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field. | ||
| CVE-2004-1106 | 0.00 | — | 0.02 | Jan 10, 2005 | Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php. | ||
| CVE-2004-0522 | 0.00 | — | 0.01 | Aug 6, 2004 | Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges. | ||
| CVE-2002-2123 | 0.00 | — | 0.01 | Dec 31, 2002 | PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter. | ||
| CVE-2002-2130 | 0.00 | — | 0.01 | Dec 31, 2002 | publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code. | ||
| CVE-2001-1234 | 0.00 | — | 0.04 | Oct 2, 2001 | Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable. |
- CVE-2005-0220May 2, 2005risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field.
- CVE-2005-0221Jan 17, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field.
- CVE-2004-1106Jan 10, 2005risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
- CVE-2004-0522Aug 6, 2004risk 0.00cvss —epss 0.01
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.
- CVE-2002-2123Dec 31, 2002risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter.
- CVE-2002-2130Dec 31, 2002risk 0.00cvss —epss 0.01
publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code.
- CVE-2001-1234Oct 2, 2001risk 0.00cvss —epss 0.04
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
Page 2 of 2