Vulnerabilities > Gallery Project > Gallery > 1.4.1

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2006-08-16 | CVE-2006-4030 | Information Disclosure vulnerability in Gallery Stats Module Unspecified | Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." Update to version 1.5-pl1. | network; low complexity; gallery-project; 5.0 |
| 2006-04-11 | CVE-2006-1696 | Cross-Site Scripting vulnerability in Gallery | Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | network; gallery-project; 4.3 |
| 2006-01-21 | CVE-2006-0330 | HTML Injection vulnerability in Gallery User Name | Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). | network; gallery-project; 4.3 |
| 2005-08-30 | CVE-2005-2734 | Unspecified vulnerability in Gallery Project Gallery | Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. | network; gallery-project; 4.3 |
| 2004-12-31 | CVE-2004-2124 | Remote Global Variable Injection vulnerability in Gallery | The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. | network; low complexity; gallery-project; 5.0 |
| 2004-08-06 | CVE-2004-0522 | Authentication Bypass vulnerability in Gallery Project and Debian | Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges. | network; low complexity; gallery-project debian; critical; 10.0 |