CVE-2005-2734
https://notcve.org/view.php?id=CVE-2005-2734
Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 http://marc.info/?l=bugtraq&m=112511025414488&w=2 http://secunia.com/advisories/16594 http://secunia.com/advisories/21502 http://securitytracker.com/id?1014800 http://sourceforge.net/project/shownotes.php?release_id=352576 http://www.securityfocus.com/bid/14668 http://www.us.debian.org/security/2006/dsa-1148 https://exchange.xforce.ibmcloud.com/vulnerabilities/22020 •
CVE-2005-2603 – My Image Gallery 1.4.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-2603
Cross-site scripting (XSS) vulnerability in index.php for My Image Gallery (Mig) 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) currDir or (2) image parameters. • https://www.exploit-db.com/exploits/26153 http://secunia.com/advisories/16405 http://secwatch.org/advisories/secwatch/20050813_Mig.txt http://sourceforge.net/project/shownotes.php?release_id=349348 http://www.osvdb.org/18741 http://www.securityfocus.com/bid/14570 http://www.vupen.com/english/advisories/2005/1432 •
CVE-2005-2604
https://notcve.org/view.php?id=CVE-2005-2604
index.php for My Image Gallery (Mig) 1.4.1 allows remote attackers to obtain the web server path via certain currDir and image arguments, which leaks the path in an error message. • http://secunia.com/advisories/16405 http://secwatch.org/advisories/secwatch/20050813_Mig.txt http://sourceforge.net/project/shownotes.php?release_id=349348 http://www.osvdb.org/18742 http://www.securityfocus.com/bid/14570 http://www.vupen.com/english/advisories/2005/1432 •
CVE-2004-2124 – Gallery 1.3.x/1.4 - Remote Global Variable Injection
https://notcve.org/view.php?id=CVE-2004-2124
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. • https://www.exploit-db.com/exploits/23599 http://gallery.menalto.com/modules.php?op=modload&name=News&file=index http://marc.info/?l=bugtraq&m=107524414317693&w=2 http://secunia.com/advisories/10712 http://www.gentoo.org/security/en/glsa/glsa-200402-04.xml http://www.osvdb.org/3737 http://www.securityfocus.com/bid/9490 https://exchange.xforce.ibmcloud.com/vulnerabilities/14950 •
CVE-2004-1106
https://notcve.org/view.php?id=CVE-2004-1106
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php. • http://g3cko.info/gallery2-4.patch http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=142&mode=thread&order=0&thold=0 http://www.debian.org/security/2005/dsa-642 http://www.gentoo.org/security/en/glsa/glsa-200411-10.xml http://www.securityfocus.com/bid/11602 https://exchange.xforce.ibmcloud.com/vulnerabilities/17948 •