Vulnerabilities > Gallery Project > Gallery

DATE CVE VULNERABILITY TITLE RISK
2004-08-06 CVE-2004-0522 Authentication Bypass vulnerability in Gallery Project and Debian
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.
network
low complexity
gallery-project debian
critical
10.0
2003-12-31 CVE-2003-1227 Code Injection vulnerability in Gallery Project Gallery 1.4/1.4Pl1
PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.
network
low complexity
gallery-project CWE-94
7.5
2003-08-27 CVE-2003-0614 Unspecified vulnerability in Gallery Project Gallery
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
network
gallery-project
4.3
2003-04-11 CVE-2002-1412 Remote File Include vulnerability in Bharat Mediratta Gallery
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.
network
low complexity
gallery-project
7.5
2002-12-31 CVE-2002-2130 Remote Code Execution vulnerability in Gallery Project Gallery 1.3.2
publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code.
network
low complexity
gallery-project
7.5
2002-12-31 CVE-2002-2123 Remote Code Execution vulnerability in Gallery Project Gallery 1.3.2
PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter.
network
low complexity
gallery-project
7.5
2001-10-02 CVE-2001-1234 Remote Arbitrary Code Execution vulnerability in Gallery Project Gallery 1.1/1.2/1.2.1
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
network
low complexity
gallery-project
7.5