CVE-2003-0614 – Gallery 1.2/1.3.x - Search Engine Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0614
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter. Vulnerabilidad en sitios cruzados en search.php de Gallery 1.1 a 1.3.4 permite a atacantes remotos insertar script web mediante el parámetro searchstring • https://www.exploit-db.com/exploits/22961 http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0 http://marc.info/?l=bugtraq&m=106252092421469&w=2 http://www.debian.org/security/2003/dsa-355 http://www.securityfocus.com/archive/1/330676 http://www.securityfocus.com/archive/1/348641/30/21790/threaded •
CVE-2002-1412 – Bharat Mediratta Gallery 1.x - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2002-1412
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script. El paquete album de fotos Gallery anterior a 1.3.1permite a atacantes locales y posiblemente remotos ejecutar código arbitrario mediante una variable GALLERY_BASEDIR que apunta a un directorio o una URL que contiene un script php.ini que sea caballo de Troya. • https://www.exploit-db.com/exploits/21676 http://archives.neohapsis.com/archives/bugtraq/2002-07/0471.html http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=50&mode=thread&order=0&thold=0 http://www.debian.org/security/2002/dsa-138 http://www.securityfocus.com/bid/5375 https://exchange.xforce.ibmcloud.com/vulnerabilities/9737 •