CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2004-0522
https://notcve.org/view.php?id=CVE-2004-0522
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges. Gallery 1.4.3 y anteriores permite a atacantes remotos saltarse la autenticación y obtener privilegios de administrador de Gallery. • http://secunia.com/advisories/11752 http://security.gentoo.org/glsa/glsa-200406-10.xml http://www.debian.org/security/2004/dsa-512 http://www.securityfocus.com/bid/10451 https://exchange.xforce.ibmcloud.com/vulnerabilities/16301 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2003-1525
https://notcve.org/view.php?id=CVE-2003-1525
Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors. • http://www.fuzzymonkey.org/newfuzzy/software/perl/photo/README.html http://www.securityfocus.com/bid/8872 https://exchange.xforce.ibmcloud.com/vulnerabilities/13498 •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 3CVE-2003-1227 – Gallery 1.4 - 'index.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2003-1227
PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation. • https://www.exploit-db.com/exploits/23238 http://www.securityfocus.com/archive/1/341044 http://www.securityfocus.com/archive/1/341094 http://www.securityfocus.com/archive/1/341098 http://www.securityfocus.com/bid/8814 https://exchange.xforce.ibmcloud.com/vulnerabilities/13419 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2003-0771
https://notcve.org/view.php?id=CVE-2003-0771
Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does. Gallery.pm en Apache::Gallery (también llamado A::G) usa nombres de ficheros temporales predecibles cuando ejecuta Inline::C, lo que permite a usuarios locales ejecutar código arbitrario creando y modificando los ficheros antes de que Apache::Gallery lo haga. • http://marc.info/?l=bugtraq&m=106304236914921&w=2 •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 1CVE-2003-0614 – Gallery 1.2/1.3.x - Search Engine Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0614
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter. Vulnerabilidad en sitios cruzados en search.php de Gallery 1.1 a 1.3.4 permite a atacantes remotos insertar script web mediante el parámetro searchstring • https://www.exploit-db.com/exploits/22961 http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0 http://marc.info/?l=bugtraq&m=106252092421469&w=2 http://www.debian.org/security/2003/dsa-355 http://www.securityfocus.com/archive/1/330676 http://www.securityfocus.com/archive/1/348641/30/21790/threaded •