CVE-2002-1412 – Bharat Mediratta Gallery 1.x - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2002-1412
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script. El paquete album de fotos Gallery anterior a 1.3.1permite a atacantes locales y posiblemente remotos ejecutar código arbitrario mediante una variable GALLERY_BASEDIR que apunta a un directorio o una URL que contiene un script php.ini que sea caballo de Troya. • https://www.exploit-db.com/exploits/21676 http://archives.neohapsis.com/archives/bugtraq/2002-07/0471.html http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=50&mode=thread&order=0&thold=0 http://www.debian.org/security/2002/dsa-138 http://www.securityfocus.com/bid/5375 https://exchange.xforce.ibmcloud.com/vulnerabilities/9737 •
CVE-2001-0900 – bharat Mediratta Gallery 1.1/1.2 - Directory Traversal
https://notcve.org/view.php?id=CVE-2001-0900
Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter. • https://www.exploit-db.com/exploits/21157 http://marc.info/?l=bugtraq&m=100619599000590&w=2 http://www.menalto.com/projects/gallery/article.php?sid=33&mode=&order= http://www.osvdb.org/677 http://www.securityfocus.com/bid/3554 https://exchange.xforce.ibmcloud.com/vulnerabilities/7580 •
CVE-2001-1234
https://notcve.org/view.php?id=CVE-2001-1234
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable. • http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz http://www.iss.net/security_center/static/7215.php http://www.osvdb.org/1967 http://www.securityfocus.com/bid/3397 •