Vulnerabilities > Gallery Project > Gallery > 2.0.alpha2

DATE CVE VULNERABILITY TITLE RISK
2006-03-14 CVE-2006-1219 Local File Include vulnerability in Gallery
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.
network
low complexity
gallery-project
5.0
2006-03-09 CVE-2006-1128 Unspecified vulnerability in Gallery Project Gallery
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.
network
low complexity
gallery-project
6.4
2006-03-09 CVE-2006-1127 HTML Injection vulnerability in Gallery Album Comments
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.
network
gallery-project
4.3
2005-12-05 CVE-2005-4022 Input Validation vulnerability in Gallery
Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
network
gallery-project
4.3
2005-12-05 CVE-2005-4021 Input Validation vulnerability in Gallery
The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
network
low complexity
gallery-project
5.0
2005-10-17 CVE-2005-3251 Directory Traversal vulnerability in Gallery
Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter.
network
low complexity
gallery-project
6.4