Vulnerabilities > Gallery Project > Gallery > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-08-16 CVE-2006-4030 Information Disclosure vulnerability in Gallery Stats Module Unspecified
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." Update to version 1.5-pl1.
network
low complexity
gallery-project
5.0
2006-04-11 CVE-2006-1696 Cross-Site Scripting vulnerability in Gallery
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
network
gallery-project
4.3
2006-03-14 CVE-2006-1219 Local File Include vulnerability in Gallery
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.
network
low complexity
gallery-project
5.0
2006-03-09 CVE-2006-1128 Unspecified vulnerability in Gallery Project Gallery
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.
network
low complexity
gallery-project
6.4
2006-03-09 CVE-2006-1127 HTML Injection vulnerability in Gallery Album Comments
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.
network
gallery-project
4.3
2006-03-09 CVE-2006-1126 Remote Security vulnerability in Gallery Project Gallery 2.0.2
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.
network
low complexity
gallery-project
6.4
2006-01-21 CVE-2006-0330 HTML Injection vulnerability in Gallery User Name
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).
network
gallery-project
4.3
2005-12-05 CVE-2005-4023 Input Validation vulnerability in Gallery
Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors.
network
low complexity
gallery-project
5.0
2005-12-05 CVE-2005-4022 Input Validation vulnerability in Gallery
Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
network
gallery-project
4.3
2005-12-05 CVE-2005-4021 Input Validation vulnerability in Gallery
The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
network
low complexity
gallery-project
5.0