Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gallery project vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2004-1106
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and previous versions allows remote malicious users to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
Gallery Project Gallery 1.4.3 Pl2
Gallery Project Gallery 1.4 Pl1
Gallery Project Gallery 1.4.2
Gallery Project Gallery 1.4.1
Gallery Project Gallery 1.4.3 Pl1
Gallery Project Gallery 1.4 Pl2
Gallery Project Gallery 1.4
Gentoo Linux
6.5
CVSSv2
CVE-2021-34257
Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image.
Wpanel Cms Project Wpanel Cms
6.5
CVSSv2
CVE-2016-10940
The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.
Zm-gallery Project Zm-gallery 1.0
6.5
CVSSv2
CVE-2014-5186
SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php.
All Video Gallery Plugin Project All-video-gallery 1.2
6.5
CVSSv2
CVE-2012-3873
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/public...
Openconstructor Project Openconstructor 3.12.0
1 EDB exploit
6.5
CVSSv2
CVE-2006-0587
Unspecified vulnerability in util.php in Gallery prior to 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.
Gallery Project Gallery 1.4.3 Pl2
Gallery Project Gallery 1.4.4 Pl2
Gallery Project Gallery 1.4 Pl1
Gallery Project Gallery 1.4.2
Gallery Project Gallery 1.5.1
Gallery Project Gallery 1.5
Gallery Project Gallery 1.4.4 Pl3
Gallery Project Gallery 1.4.1
Gallery Project Gallery 1.5.1 Rc2
Gallery Project Gallery 1.4.3 Pl1
Gallery Project Gallery 1.4.4 Pl4
Gallery Project Gallery 1.5.2 Rc2
Gallery Project Gallery 1.4.4 Pl5
Gallery Project Gallery 1.3.4
Gallery Project Gallery 1.4 Pl2
Gallery Project Gallery 1.4
6.4
CVSSv2
CVE-2006-1126
Gallery 2 up to 2.0.2 allows remote malicious users to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.
Gallery Project Gallery 2.0.2
6.4
CVSSv2
CVE-2006-1128
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote malicious users to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is san...
Gallery Project Gallery 2.0
Gallery Project Gallery 2.0 Alpha4
Gallery Project Gallery 2.0 Beta1
Gallery Project Gallery 2.0 Beta2
Gallery Project Gallery 2.0.1
Gallery Project Gallery 2.0.2
Gallery Project Gallery 2.0 Beta3
Gallery Project Gallery 2.0 Alpha
Gallery Project Gallery 2.0 Alpha1
Gallery Project Gallery 2.0 Alpha2
Gallery Project Gallery 2.0 Alpha3
1 EDB exploit
6.4
CVSSv2
CVE-2005-3251
Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote malicious users to read or include arbitrary files via ".." sequences in the g2_itemId parameter.
Gallery Project Gallery 2.0 Alpha4
Gallery Project Gallery 2.0 Beta1
Gallery Project Gallery 2.0 Beta2
Gallery Project Gallery 2.0 Beta3
Gallery Project Gallery 2.0
Gallery Project Gallery 2.0 Alpha2
Gallery Project Gallery 2.0 Alpha1
Gallery Project Gallery 2.0 Alpha3
5
CVSSv2
CVE-2015-9483
The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote malicious users to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_...
Invento \\/ Architecture Building Agency Template Project Invento \\/ Architecture Building Agency Template
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »