CVE-2002-2123 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by…
CVE-2002-2130 — CVSS 7.5 (high): publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to…
CVE-2003-1227 — CVSS 7.5 (high): PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix…
CVE-2001-1234 — CVSS 7.5 (high): Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites…
CVE-2002-1412 — CVSS 7.5 (high): Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified…
CVE-2004-1466 — CVSS 7.5 (high): The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have…
CVE-2004-1106 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML…
CVE-2006-0587 — CVSS 6.5 (medium): Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying…
CVE-2006-1126 — CVSS 6.4 (medium): Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which…
CVE-2005-3251 — CVSS 6.4 (medium): Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via…
CVE-2006-1128 — CVSS 6.4 (medium): Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to…
CVE-2005-4023 — CVSS 5.0 (medium): Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown…
CVE-2004-2124 — CVSS 5.0 (medium): The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and…
CVE-2005-0220 — CVSS 5.0 (medium): Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2005-0222 — CVSS 5.0 (medium): main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which…
CVE-2005-4021 — CVSS 5.0 (medium): The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which…
CVE-2006-1219 — CVSS 5.0 (medium): Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP…
CVE-2006-4030 — CVSS 5.0 (medium): Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via…
CVE-2005-2596 — CVSS 4.6 (medium): User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries.
CVE-2006-1127 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2005-0221 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML…
CVE-2005-0219 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via…
CVE-2006-1696 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown…
CVE-2003-0614 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script…
CVE-2005-2734 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML…
CVE-2006-0330 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown…