CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2005-4022
https://notcve.org/view.php?id=CVE-2005-4022
Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. • http://secunia.com/advisories/17747 http://www.osvdb.org/21221 http://www.securityfocus.com/archive/1/418200/100/0/threaded http://www.securityfocus.com/bid/15614 http://www.vupen.com/english/advisories/2005/2681 •
CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2005-4021
https://notcve.org/view.php?id=CVE-2005-4021
The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. • http://www.securityfocus.com/archive/1/418200/100/0/threaded http://www.securityfocus.com/bid/15614 http://www.vupen.com/english/advisories/2005/2681 •
CVSS: 6.4EPSS: 1%CPEs: 8EXPL: 1CVE-2005-3251
https://notcve.org/view.php?id=CVE-2005-3251
Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter. • http://dipper.info/security/20051012 http://gallery.menalto.com/gallery_2.0.1_released http://secunia.com/advisories/17205 http://securityreason.com/securityalert/88 http://www.vuxml.org/freebsd/47bdabcf-3cf9-11da-baa2-0004614cc33d.html •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2005-2734
https://notcve.org/view.php?id=CVE-2005-2734
Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 http://marc.info/?l=bugtraq&m=112511025414488&w=2 http://secunia.com/advisories/16594 http://secunia.com/advisories/21502 http://securitytracker.com/id?1014800 http://sourceforge.net/project/shownotes.php?release_id=352576 http://www.securityfocus.com/bid/14668 http://www.us.debian.org/security/2006/dsa-1148 https://exchange.xforce.ibmcloud.com/vulnerabilities/22020 •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2596
https://notcve.org/view.php?id=CVE-2005-2596
User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries. • http://gallery.menalto.com/index.php?name=PNphpBB2&file=viewtopic&t=7048 http://secunia.com/advisories/16389 http://secunia.com/advisories/17367 http://www.debian.org/security/2005/dsa-879 http://www.securityfocus.com/bid/14547 •