Vulnerabilities > Gallery Project > Gallery > 1.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-22 | CVE-2012-4919 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gallery Project Gallery 1.4 Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability | 7.5 |
| 2006-08-16 | CVE-2006-4030 | Information Disclosure vulnerability in Gallery Stats Module Unspecified Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." Update to version 1.5-pl1. | 5.0 |
| 2006-04-11 | CVE-2006-1696 | Cross-Site Scripting vulnerability in Gallery Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. network gallery-project | 4.3 |
| 2006-01-21 | CVE-2006-0330 | HTML Injection vulnerability in Gallery User Name Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). network gallery-project | 4.3 |
| 2005-08-30 | CVE-2005-2734 | Unspecified vulnerability in Gallery Project Gallery Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. network gallery-project | 4.3 |
| 2004-12-31 | CVE-2004-2124 | Remote Global Variable Injection vulnerability in Gallery The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. | 5.0 |
| 2004-08-06 | CVE-2004-0522 | Authentication Bypass vulnerability in Gallery Project and Debian Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges. | 10.0 |
| 2003-12-31 | CVE-2003-1227 | Code Injection vulnerability in Gallery Project Gallery 1.4/1.4Pl1 PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. | 7.5 |