Vulnerabilities > Gallery Project > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-08-16 | CVE-2006-4030 | Information Disclosure vulnerability in Gallery Stats Module Unspecified Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." Update to version 1.5-pl1. | 5.0 |
| 2006-04-11 | CVE-2006-1696 | Cross-Site Scripting vulnerability in Gallery Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. network gallery-project | 4.3 |
| 2006-03-14 | CVE-2006-1219 | Local File Include vulnerability in Gallery Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php. | 5.0 |
| 2006-03-09 | CVE-2006-1128 | Unspecified vulnerability in Gallery Project Gallery Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized. | 6.4 |
| 2006-03-09 | CVE-2006-1127 | HTML Injection vulnerability in Gallery Album Comments Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album. network gallery-project | 4.3 |
| 2006-03-09 | CVE-2006-1126 | Remote Security vulnerability in Gallery Project Gallery 2.0.2 Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR. | 6.4 |
| 2006-01-21 | CVE-2006-0330 | HTML Injection vulnerability in Gallery User Name Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). network gallery-project | 4.3 |
| 2005-12-05 | CVE-2005-4023 | Input Validation vulnerability in Gallery Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors. | 5.0 |
| 2005-12-05 | CVE-2005-4022 | Input Validation vulnerability in Gallery Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. network gallery-project | 4.3 |
| 2005-12-05 | CVE-2005-4021 | Input Validation vulnerability in Gallery The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | 5.0 |