CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2007-2076
https://notcve.org/view.php?id=CVE-2007-2076
18 Apr 2007 — PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this problem existed only briefly in v1.0." Vulnerabilidad de inclusión remota de archivo en PHP en index.php de Maian Gallery 1.0 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro path_to_folder. N... • http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2006-4030
https://notcve.org/view.php?id=CVE-2006-4030
16 Aug 2006 — Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." Vulnerabilidad no especificada en el módulo de estadísticas en Gallery 1.5.1-RC2 y anteriores permite a atacantes remotos obtener información sensible a través de vectores de ataque desconocidos, relacionados con "dos bugs de exposición de archivos". • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2006-1696
https://notcve.org/view.php?id=CVE-2006-1696
11 Apr 2006 — Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://secunia.com/advisories/19580 •
CVSS: 8.0EPSS: 2%CPEs: 16EXPL: 0CVE-2006-0587
https://notcve.org/view.php?id=CVE-2006-0587
08 Feb 2006 — Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file. Vulnerabilidad no especificada en util.php de Gallery anteriores a 1.5.2-pl12 permite a usuarios remotos autenticados engañar a un propietario para modificar datos de álbumes almacenados y posiblemente ejecutar código de su elección mediante vectores no... • http://archives.neohapsis.com/archives/bugtraq/2006-02/0224.html •
CVSS: 6.1EPSS: 1%CPEs: 16EXPL: 0CVE-2006-0330
https://notcve.org/view.php?id=CVE-2006-0330
21 Jan 2006 — Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2005-2734
https://notcve.org/view.php?id=CVE-2005-2734
29 Aug 2005 — Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2596
https://notcve.org/view.php?id=CVE-2005-2596
17 Aug 2005 — User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries. • http://gallery.menalto.com/index.php?name=PNphpBB2&file=viewtopic&t=7048 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1CVE-2005-1947
https://notcve.org/view.php?id=CVE-2005-1947
09 Jun 2005 — Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions. • http://marc.info/?l=bugtraq&m=111834146710329&w=2 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0219
https://notcve.org/view.php?id=CVE-2005-0219
06 Feb 2005 — Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php. • http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0220
https://notcve.org/view.php?id=CVE-2005-0220
06 Feb 2005 — Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field. • http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html •