CVE-2002-2130
https://notcve.org/view.php?id=CVE-2002-2130
publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code. • http://archives.neohapsis.com/archives/bugtraq/2002-12/0260.html http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=64&mode=thread&order=0&thold=0 http://www.iss.net/security_center/static/10943.php http://www.securityfocus.com/bid/6489 •
CVE-2001-0900 – bharat Mediratta Gallery 1.1/1.2 - Directory Traversal
https://notcve.org/view.php?id=CVE-2001-0900
Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter. • https://www.exploit-db.com/exploits/21157 http://marc.info/?l=bugtraq&m=100619599000590&w=2 http://www.menalto.com/projects/gallery/article.php?sid=33&mode=&order= http://www.osvdb.org/677 http://www.securityfocus.com/bid/3554 https://exchange.xforce.ibmcloud.com/vulnerabilities/7580 •
CVE-2001-1234
https://notcve.org/view.php?id=CVE-2001-1234
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable. • http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz http://www.iss.net/security_center/static/7215.php http://www.osvdb.org/1967 http://www.securityfocus.com/bid/3397 •