Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gallery gallery vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2008-5296
Gallery 1.5.x prior to 1.5.10 and 1.6 prior to 1.6-RC3, when register_globals is enabled, allows remote malicious users to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information.
Gallery Gallery
Gallery Gallery 1.4.1
Gallery Gallery 1.4.4
Gallery Gallery 1.3.2
Gallery Gallery 1.3.3
Gallery Gallery 1.5.2
Gallery Gallery 1.5.7
Gallery Gallery 1.2.1
Gallery Gallery 1.3.1
Gallery Gallery 1.5.1
Gallery Gallery 1.3.4
Gallery Gallery 1.4
5
CVSSv2
CVE-2006-4030
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and previous versions allows remote malicious users to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs."
Gallery Project Gallery 1.4.3 Pl1
Gallery Project Gallery 1.4.3 Pl2
Gallery Project Gallery 1.5
Gallery Project Gallery 1.5.1
Gallery Project Gallery 1.4
Gallery Project Gallery 1.4.4 Pl4
Gallery Project Gallery 1.4.4 Pl5
Gallery Project Gallery 1.4.1
Gallery Project Gallery 1.4.2
Gallery Project Gallery 1.4 Pl1
Gallery Project Gallery 1.4 Pl2
Gallery Project Gallery 1.4.4 Pl2
Gallery Project Gallery 1.4.4 Pl3
Gallery Project Gallery 1.5 Pl1
Gallery Project Gallery
4
CVSSv2
CVE-2008-4129
Gallery prior to 1.5.9, and 2.x prior to 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) func...
Gallery Gallery 2.2.2
Gallery Gallery 2.2.0
Gallery Gallery 2.2.1
Gallery Gallery 2.2.4
Gallery Gallery 2.2.3
Gallery Gallery
4.3
CVSSv2
CVE-2008-4130
Cross-site scripting (XSS) vulnerability in Gallery 2.x prior to 2.2.6 allows remote malicious users to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to "interact with the embedding page."
Gallery Gallery 2.2.4
Gallery Gallery 2.2.3
Gallery Gallery 2.2.2
Gallery Gallery 2.2.1
Gallery Gallery 2.2.0
Gallery Gallery
5
CVSSv2
CVE-2008-3662
Gallery prior to 1.5.9, and 2.x prior to 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote malicious users to capture this cookie.
Gallery Gallery 2.2.1
Gallery Gallery 2.2.0
Gallery Gallery 2.2.3
Gallery Gallery 2.2.2
Gallery Gallery
Gallery Gallery 2.2.4
4.3
CVSSv2
CVE-2006-1696
Cross-site scripting (XSS) vulnerability in Gallery prior to 1.5.3 allows remote malicious users to inject arbitrary web script or HTML via unknown attack vectors.
Gallery Project Gallery 1.3.4
Gallery Project Gallery 1.4.4 Pl3
Gallery Project Gallery 1.4.4 Pl4
Gallery Project Gallery 1.5.2
Gallery Project Gallery 1.5.2 Pl1
Gallery Project Gallery 1.4
Gallery Project Gallery 1.4.1
Gallery Project Gallery 1.4.4 Pl5
Gallery Project Gallery 1.4 Pl1
Gallery Project Gallery 1.5.2 Pl2
Gallery Project Gallery 1.5.2 Rc2
Gallery Project Gallery 1.5.2 Rc3
Gallery Project Gallery 1.4.2
Gallery Project Gallery 1.4.3 Pl1
Gallery Project Gallery 1.4 Pl2
Gallery Project Gallery 1.5
Gallery Project Gallery 1.4.3 Pl2
Gallery Project Gallery 1.4.4 Pl2
Gallery Project Gallery 1.5.1
Gallery Project Gallery 1.5.1 Rc2
6.5
CVSSv2
CVE-2006-0587
Unspecified vulnerability in util.php in Gallery prior to 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.
Gallery Project Gallery 1.4.3 Pl2
Gallery Project Gallery 1.4.4 Pl2
Gallery Project Gallery 1.4 Pl1
Gallery Project Gallery 1.4.2
Gallery Project Gallery 1.5.1
Gallery Project Gallery 1.5
Gallery Project Gallery 1.4.4 Pl3
Gallery Project Gallery 1.4.1
Gallery Project Gallery 1.5.1 Rc2
Gallery Project Gallery 1.4.3 Pl1
Gallery Project Gallery 1.4.4 Pl4
Gallery Project Gallery 1.5.2 Rc2
Gallery Project Gallery 1.4.4 Pl5
Gallery Project Gallery 1.3.4
Gallery Project Gallery 1.4 Pl2
Gallery Project Gallery 1.4
4.3
CVSSv2
CVE-2006-0330
Cross-site scripting (XSS) vulnerability in Gallery prior to 1.5.2 allows remote malicious users to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).
Gallery Project Gallery 1.3.4
Gallery Project Gallery 1.4.4 Pl4
Gallery Project Gallery 1.4.4 Pl5
Gallery Project Gallery 1.4.3 Pl2
Gallery Project Gallery 1.4.4 Pl2
Gallery Project Gallery 1.4.4 Pl3
Gallery Project Gallery 1.5.1 Rc2
Gallery Project Gallery 1.5.2 Rc2
Gallery Project Gallery 1.4.2
Gallery Project Gallery 1.4.3 Pl1
Gallery Project Gallery 1.5
Gallery Project Gallery 1.5.1
Gallery Project Gallery 1.4
Gallery Project Gallery 1.4.1
Gallery Project Gallery 1.4 Pl1
Gallery Project Gallery 1.4 Pl2
4.3
CVSSv2
CVE-2005-2734
Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
Gallery Project Gallery 1.4
Gallery Project Gallery 1.4.1
Gallery Project Gallery 1.4.4 Pl5
Gallery Project Gallery 1.4 Pl1
Gallery Project Gallery 1.4.2
Gallery Project Gallery 1.4.3 Pl1
Gallery Project Gallery 1.4 Pl2
Gallery Project Gallery 1.5
Gallery Project Gallery 1.4.3 Pl2
Gallery Project Gallery 1.4.4 Pl2
Gallery Project Gallery 1.5.1
Gallery Project Gallery 1.5.1 Rc2
Gallery Project Gallery 1.4.4 Pl3
Gallery Project Gallery 1.4.4 Pl4
5
CVSSv2
CVE-2006-1219
Directory traversal vulnerability in Gallery 2.0.3 and previous versions, and 2.1 before RC-2a, allows remote malicious users to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.
Gallery Project Gallery 2.0.3
Gallery Project Gallery 2.0 Alpha
Gallery Project Gallery 2.0 Beta3
Gallery Project Gallery 2.1 Rc1
Gallery Project Gallery 2.0
Gallery Project Gallery 2.0 Alpha3
Gallery Project Gallery 2.0 Alpha4
Gallery Project Gallery 2.0 Alpha1
Gallery Project Gallery 2.0 Alpha2
Gallery Project Gallery 2.1 Rc2
Gallery Project Gallery 2.0.1
Gallery Project Gallery 2.0.2
Gallery Project Gallery 2.0 Beta1
Gallery Project Gallery 2.0 Beta2
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »