Search
Search Results (29 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0522 | 2 Debian, Gallery Project | 2 Debian Linux, Gallery | 2026-04-16 | N/A |
| Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges. | ||||
| CVE-2006-0587 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file. | ||||
| CVE-2004-1106 | 2 Gallery Project, Gentoo | 2 Gallery, Linux | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php. | ||||
| CVE-2005-4023 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors. | ||||
| CVE-2004-2124 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. | ||||
| CVE-2003-0614 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter. | ||||
| CVE-2005-2596 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries. | ||||
| CVE-2005-0219 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php. | ||||
| CVE-2012-4919 | 1 Gallery Project | 1 Gallery | 2024-11-21 | 9.8 Critical |
| Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability | ||||