Vulnerabilities > Gallery Project > Gallery > 2.0.alpha1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-14 | CVE-2006-1219 | Local File Include vulnerability in Gallery Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php. | 5.0 |
2006-03-09 | CVE-2006-1128 | Unspecified vulnerability in Gallery Project Gallery Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized. | 6.4 |
2006-03-09 | CVE-2006-1127 | HTML Injection vulnerability in Gallery Album Comments Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album. network gallery-project | 4.3 |
2005-12-05 | CVE-2005-4022 | Input Validation vulnerability in Gallery Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. network gallery-project | 4.3 |
2005-12-05 | CVE-2005-4021 | Input Validation vulnerability in Gallery The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | 5.0 |
2005-10-17 | CVE-2005-3251 | Directory Traversal vulnerability in Gallery Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter. | 6.4 |