Show filters
40 Total Results
Displaying 31-40 of 40
Sort by:
Attacker Value
Unknown

CVE-2006-1600

Disclosure Date: April 03, 2006 (last updated February 22, 2025)
SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
0
0
Attacker Value
Unknown

CVE-2006-0587

Disclosure Date: February 08, 2006 (last updated February 22, 2025)
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.
0
0
Attacker Value
Unknown

CVE-2006-0330

Disclosure Date: January 21, 2006 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).
0
0
Attacker Value
Unknown

CVE-2005-4228

Disclosure Date: December 14, 2005 (last updated February 22, 2025)
Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. NOTE: it was later reported that the comments.php/sort_by vector also affects 1.7.2 and earlier.
0
0
Attacker Value
Unknown

CVE-2005-2734

Disclosure Date: August 30, 2005 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
0
0
Attacker Value
Unknown

CVE-2005-2603

Disclosure Date: August 17, 2005 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) currDir or (2) image parameters.
0
0
Attacker Value
Unknown

CVE-2005-2604

Disclosure Date: August 17, 2005 (last updated February 22, 2025)
index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to obtain the web server path via certain currDir and image arguments, which leaks the path in an error message.
0
0
Attacker Value
Unknown

CVE-2004-1106

Disclosure Date: January 10, 2005 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
0
0
Attacker Value
Unknown

CVE-2004-2124

Disclosure Date: December 31, 2004 (last updated February 22, 2025)
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.
0
0
Attacker Value
Unknown

CVE-2004-0522

Disclosure Date: August 06, 2004 (last updated February 22, 2025)
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.
0
0
View More Topics  < Previous