Search criteria
84 vulnerabilities found for gallery by gallery_project
FKIE_CVE-2012-4919
Vulnerability from fkie_nvd - Published: 2020-01-22 19:15 - Updated: 2024-11-21 01:43
Severity: CRITICAL (CVSS v3.1 base score 9.8); HIGH (CVSS v2 base score 7.5)
Summary
Gallery Plugin 1.4 for WordPress has a Remote File Include Vulnerability
References
| Source | URL | Tags |
|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/57650 | Third Party Advisory, VDB Entry |
| PSIRT-CNA@flexerasoftware.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/81713 | Third Party Advisory, VDB Entry |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/57650 | Third Party Advisory, VDB Entry |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/81713 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| gallery_project | gallery | 1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "B7053F00-4330-47E8-AE88-FAFDB96A675E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability"
},
{
"lang": "es",
"value": "Gallery Plugin versi\u00f3n 1.4 para WordPress, presenta una Vulnerabilidad de Inclusi\u00f3n de Archivo Remota."
}
],
"id": "CVE-2012-4919",
"lastModified": "2024-11-21T01:43:45.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-22T19:15:10.327",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/57650"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/57650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81713"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-829"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4030
Vulnerability from fkie_nvd - Published: 2006-08-16 22:04 - Updated: 2025-04-03 01:03
Severity: MEDIUM (CVSS v2 base score 5.0)
Summary
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs."
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| gallery_project | gallery | * |
| gallery_project | gallery | 1.4 |
| gallery_project | gallery | 1.4.1 |
| gallery_project | gallery | 1.4.2 |
| gallery_project | gallery | 1.4.3_pl1 |
| gallery_project | gallery | 1.4.3_pl2 |
| gallery_project | gallery | 1.4.4_pl2 |
| gallery_project | gallery | 1.4.4_pl3 |
| gallery_project | gallery | 1.4.4_pl4 |
| gallery_project | gallery | 1.4.4_pl5 |
| gallery_project | gallery | 1.4_pl1 |
| gallery_project | gallery | 1.4_pl2 |
| gallery_project | gallery | 1.5 |
| gallery_project | gallery | 1.5.1 |
| gallery_project | gallery | 1.5_pl1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallery_project:gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7891FC7-5630-4AF7-98E8-CF27BA3D6595",
"versionEndIncluding": "1.5.1_rc2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B821AEB0-7C0C-407E-9CCB-EEB16E1A2719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F517D6BA-9793-4A4D-BDC6-2F5349F0B354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E876B0F6-8363-43E0-8E00-E55B04A05F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.3_pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "4131E313-CB18-45D7-9F4C-096EB0337B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.3_pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2D7CE2-1461-4D01-A4B1-9E6F7A68FB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.4_pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA0436A-8294-44B4-B7D1-62A73BE4DFAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.4_pl3:*:*:*:*:*:*:*",
"matchCriteriaId": "A9125286-5A7D-4A1B-B5C4-888581B9798C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.4_pl4:*:*:*:*:*:*:*",
"matchCriteriaId": "54143C9E-0EB0-4137-A01A-3E8C8A7412F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.4_pl5:*:*:*:*:*:*:*",
"matchCriteriaId": "89382A13-8E5D-44DC-8D6B-8FD8DCAFE525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4_pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C999044-00FE-4DE1-A235-F036FC9AE09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4_pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "36A59F6E-A44B-4949-8487-CB089BF1CE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6B3525-BD38-47CF-B60A-F392FABDA357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD453B4B-75B9-476D-B1A6-65AB8E09107E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5_pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "80EB7ED6-F6AE-4E0E-BDEF-6F4E9D12F496",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to \"two file exposure bugs.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el m\u00f3dulo de estad\u00edsticas en Gallery 1.5.1-RC2 y anteriores permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores de ataque desconocidos, relacionados con \"dos bugs de exposici\u00f3n de archivos\"."
}
],
"evaluatorSolution": "Update to version 1.5-pl1.",
"id": "CVE-2006-4030",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-16T22:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16594"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21502"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1148"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19453"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3250"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1696
Vulnerability from fkie_nvd - Published: 2006-04-11 10:02 - Updated: 2025-04-03 01:03
Severity: MEDIUM (CVSS v2 base score 4.3)
Summary
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| gallery_project | gallery | 1.3.4 |
| gallery_project | gallery | 1.4 |
| gallery_project | gallery | 1.4.1 |
| gallery_project | gallery | 1.4.2 |
| gallery_project | gallery | 1.4.3_pl1 |
| gallery_project | gallery | 1.4.3_pl2 |
| gallery_project | gallery | 1.4.4_pl2 |
| gallery_project | gallery | 1.4.4_pl3 |
| gallery_project | gallery | 1.4.4_pl4 |
| gallery_project | gallery | 1.4.4_pl5 |
| gallery_project | gallery | 1.4_pl1 |
| gallery_project | gallery | 1.4_pl2 |
| gallery_project | gallery | 1.5 |
| gallery_project | gallery | 1.5.1 |
| gallery_project | gallery | 1.5.1_rc2 |
| gallery_project | gallery | 1.5.2 |
| gallery_project | gallery | 1.5.2_pl1 |
| gallery_project | gallery | 1.5.2_pl2 |
| gallery_project | gallery | 1.5.2_rc2 |
| gallery_project | gallery | 1.5.2_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF0D3AAC-9BB0-49E9-BD67-27A635DA34CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B821AEB0-7C0C-407E-9CCB-EEB16E1A2719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F517D6BA-9793-4A4D-BDC6-2F5349F0B354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E876B0F6-8363-43E0-8E00-E55B04A05F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.3_pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "4131E313-CB18-45D7-9F4C-096EB0337B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.3_pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2D7CE2-1461-4D01-A4B1-9E6F7A68FB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.4_pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA0436A-8294-44B4-B7D1-62A73BE4DFAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.4_pl3:*:*:*:*:*:*:*",
"matchCriteriaId": "A9125286-5A7D-4A1B-B5C4-888581B9798C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.4_pl4:*:*:*:*:*:*:*",
"matchCriteriaId": "54143C9E-0EB0-4137-A01A-3E8C8A7412F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.4_pl5:*:*:*:*:*:*:*",
"matchCriteriaId": "89382A13-8E5D-44DC-8D6B-8FD8DCAFE525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4_pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C999044-00FE-4DE1-A235-F036FC9AE09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4_pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "36A59F6E-A44B-4949-8487-CB089BF1CE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6B3525-BD38-47CF-B60A-F392FABDA357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD453B4B-75B9-476D-B1A6-65AB8E09107E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5.1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFCAB08-BADA-4231-96E2-B73462A803D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B284BCC5-0CA6-44EA-AD68-06B83461A283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5.2_pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB27D28-BE95-4906-89D0-7BCDB4BB3FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5.2_pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "81DEAB40-1BF9-4324-9B32-B56BC71DE050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5.2_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "809BC19B-C814-4855-9E0B-387A4137369F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5.2_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BAF08F4-02CE-4A16-8595-EE6C7CA482B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
],
"id": "CVE-2006-1696",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-11T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19580"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=408602\u0026group_id=7130"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/24466"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17437"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1285"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=408602\u0026group_id=7130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/24466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25707"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1219
Vulnerability from fkie_nvd - Published: 2006-03-14 02:02 - Updated: 2025-04-03 01:03
Severity: MEDIUM (CVSS v2 base score 5.0)
Summary
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| gallery_project | gallery | 2.0 |
| gallery_project | gallery | 2.0.1 |
| gallery_project | gallery | 2.0.2 |
| gallery_project | gallery | 2.0.3 |
| gallery_project | gallery | 2.0_alpha |
| gallery_project | gallery | 2.0_alpha1 |
| gallery_project | gallery | 2.0_alpha2 |
| gallery_project | gallery | 2.0_alpha3 |
| gallery_project | gallery | 2.0_alpha4 |
| gallery_project | gallery | 2.0_beta1 |
| gallery_project | gallery | 2.0_beta2 |
| gallery_project | gallery | 2.0_beta3 |
| gallery_project | gallery | 2.1_rc1 |
| gallery_project | gallery | 2.1_rc2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "630262DD-0577-4655-B558-3819019A6F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBC419B-13A6-4343-8123-85D47107D5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68C31C2E-4437-44AB-A464-5D79D907BB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE96617-7CEA-4BA5-A6E2-4A8F0A5215AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "CC2A43A4-F48B-4780-9F4C-1006F8963FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha1:*:*:*:*:*:*:*",
"matchCriteriaId": "54931180-0CCA-46B2-B139-EDC35FD7D87A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha2:*:*:*:*:*:*:*",
"matchCriteriaId": "831E6EDF-1466-4EE1-8987-6580DC80712D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DF8B06-63F6-49FE-B98C-4EDCD95A997E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha4:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB5079E-8FEA-427F-8004-150AD4827C39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75B75A-5016-4503-A1A9-0B5BFA439C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8620FD-82E4-4877-8C5A-A95D753FE9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0225C-6E32-452B-A7E2-0CA91D9028C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.1_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "DED6C3A5-BA71-4D75-8FFA-ED8C72997A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "66BEAEF5-9CBA-4583-9D4D-E47E1738B8A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via \"..\" (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php."
}
],
"id": "CVE-2006-1219",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-14T02:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19175"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17051"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0895"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25129"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/1566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/1566"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1126
Vulnerability from fkie_nvd - Published: 2006-03-09 22:02 - Updated: 2025-04-03 01:03
Severity: MEDIUM (CVSS v2 base score 6.4)
Summary
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| gallery_project | gallery | 2.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68C31C2E-4437-44AB-A464-5D79D907BB34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR."
}
],
"id": "CVE-2006-1126",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-09T22:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"source": "cve@mitre.org",
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19104"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015717"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25120"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1127
Vulnerability from fkie_nvd - Published: 2006-03-09 22:02 - Updated: 2025-04-03 01:03
Severity: MEDIUM (CVSS v2 base score 4.3)
Summary
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| gallery_project | gallery | 2.0 |
| gallery_project | gallery | 2.0.1 |
| gallery_project | gallery | 2.0.2 |
| gallery_project | gallery | 2.0_alpha |
| gallery_project | gallery | 2.0_alpha1 |
| gallery_project | gallery | 2.0_alpha2 |
| gallery_project | gallery | 2.0_alpha3 |
| gallery_project | gallery | 2.0_alpha4 |
| gallery_project | gallery | 2.0_beta1 |
| gallery_project | gallery | 2.0_beta2 |
| gallery_project | gallery | 2.0_beta3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "630262DD-0577-4655-B558-3819019A6F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBC419B-13A6-4343-8123-85D47107D5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68C31C2E-4437-44AB-A464-5D79D907BB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "CC2A43A4-F48B-4780-9F4C-1006F8963FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha1:*:*:*:*:*:*:*",
"matchCriteriaId": "54931180-0CCA-46B2-B139-EDC35FD7D87A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha2:*:*:*:*:*:*:*",
"matchCriteriaId": "831E6EDF-1466-4EE1-8987-6580DC80712D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DF8B06-63F6-49FE-B98C-4EDCD95A997E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha4:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB5079E-8FEA-427F-8004-150AD4827C39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75B75A-5016-4503-A1A9-0B5BFA439C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8620FD-82E4-4877-8C5A-A95D753FE9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0225C-6E32-452B-A7E2-0CA91D9028C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album."
}
],
"id": "CVE-2006-1127",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-09T22:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"source": "cve@mitre.org",
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19104"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015717"
},
{
"source": "cve@mitre.org",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/23596"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16940"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25117"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1128
Vulnerability from fkie_nvd - Published: 2006-03-09 22:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gallery_project | gallery | 2.0 | |
| gallery_project | gallery | 2.0.1 | |
| gallery_project | gallery | 2.0.2 | |
| gallery_project | gallery | 2.0_alpha | |
| gallery_project | gallery | 2.0_alpha1 | |
| gallery_project | gallery | 2.0_alpha2 | |
| gallery_project | gallery | 2.0_alpha3 | |
| gallery_project | gallery | 2.0_alpha4 | |
| gallery_project | gallery | 2.0_beta1 | |
| gallery_project | gallery | 2.0_beta2 | |
| gallery_project | gallery | 2.0_beta3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "630262DD-0577-4655-B558-3819019A6F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBC419B-13A6-4343-8123-85D47107D5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68C31C2E-4437-44AB-A464-5D79D907BB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "CC2A43A4-F48B-4780-9F4C-1006F8963FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha1:*:*:*:*:*:*:*",
"matchCriteriaId": "54931180-0CCA-46B2-B139-EDC35FD7D87A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha2:*:*:*:*:*:*:*",
"matchCriteriaId": "831E6EDF-1466-4EE1-8987-6580DC80712D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DF8B06-63F6-49FE-B98C-4EDCD95A997E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha4:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB5079E-8FEA-427F-8004-150AD4827C39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75B75A-5016-4503-A1A9-0B5BFA439C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8620FD-82E4-4877-8C5A-A95D753FE9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0225C-6E32-452B-A7E2-0CA91D9028C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized."
}
],
"id": "CVE-2006-1128",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-09T22:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"source": "cve@mitre.org",
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19104"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015717"
},
{
"source": "cve@mitre.org",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/23597"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16948"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25118"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-0587
Vulnerability from fkie_nvd - Published: 2006-02-08 01:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users to trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gallery_project | gallery | 1.3.4 | |
| gallery_project | gallery | 1.4 | |
| gallery_project | gallery | 1.4.1 | |
| gallery_project | gallery | 1.4.2 | |
| gallery_project | gallery | 1.4.3_pl1 | |
| gallery_project | gallery | 1.4.3_pl2 | |
| gallery_project | gallery | 1.4.4_pl2 | |
| gallery_project | gallery | 1.4.4_pl3 | |
| gallery_project | gallery | 1.4.4_pl4 | |
| gallery_project | gallery | 1.4.4_pl5 | |
| gallery_project | gallery | 1.4_pl1 | |
| gallery_project | gallery | 1.4_pl2 | |
| gallery_project | gallery | 1.5 | |
| gallery_project | gallery | 1.5.1 | |
| gallery_project | gallery | 1.5.1_rc2 | |
| gallery_project | gallery | 1.5.2_rc2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF0D3AAC-9BB0-49E9-BD67-27A635DA34CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B821AEB0-7C0C-407E-9CCB-EEB16E1A2719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F517D6BA-9793-4A4D-BDC6-2F5349F0B354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E876B0F6-8363-43E0-8E00-E55B04A05F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.3_pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "4131E313-CB18-45D7-9F4C-096EB0337B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.3_pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2D7CE2-1461-4D01-A4B1-9E6F7A68FB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.4_pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA0436A-8294-44B4-B7D1-62A73BE4DFAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.4_pl3:*:*:*:*:*:*:*",
"matchCriteriaId": "A9125286-5A7D-4A1B-B5C4-888581B9798C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.4_pl4:*:*:*:*:*:*:*",
"matchCriteriaId": "54143C9E-0EB0-4137-A01A-3E8C8A7412F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.4_pl5:*:*:*:*:*:*:*",
"matchCriteriaId": "89382A13-8E5D-44DC-8D6B-8FD8DCAFE525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4_pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C999044-00FE-4DE1-A235-F036FC9AE09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4_pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "36A59F6E-A44B-4949-8487-CB089BF1CE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6B3525-BD38-47CF-B60A-F392FABDA357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD453B4B-75B9-476D-B1A6-65AB8E09107E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5.1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFCAB08-BADA-4231-96E2-B73462A803D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5.2_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "809BC19B-C814-4855-9E0B-387A4137369F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en util.php de Gallery anteriores a 1.5.2-pl12 permite a usuarios remotos autenticados enga\u00f1ar a un propietario para modificar datos de \u00e1lbumes almacenados y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados que conllevan un enlace artesanal a un fichero artesanal.\r\n"
}
],
"id": "CVE-2006-0587",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-02-08T01:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0224.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0286.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://gallery.menalto.com/gallery_1_5_2_pl2_security_release"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18735"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015641"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://www.digitalarmaments.com/2006140293402395.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/22944"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/23256"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16533"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24538"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0224.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0286.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://gallery.menalto.com/gallery_1_5_2_pl2_security_release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18735"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.digitalarmaments.com/2006140293402395.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/22944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24768"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-0330
Vulnerability from fkie_nvd - Published: 2006-01-21 00:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gallery_project | gallery | 1.3.4 | |
| gallery_project | gallery | 1.4 | |
| gallery_project | gallery | 1.4.1 | |
| gallery_project | gallery | 1.4.2 | |
| gallery_project | gallery | 1.4.3_pl1 | |
| gallery_project | gallery | 1.4.3_pl2 | |
| gallery_project | gallery | 1.4.4_pl2 | |
| gallery_project | gallery | 1.4.4_pl3 | |
| gallery_project | gallery | 1.4.4_pl4 | |
| gallery_project | gallery | 1.4.4_pl5 | |
| gallery_project | gallery | 1.4_pl1 | |
| gallery_project | gallery | 1.4_pl2 | |
| gallery_project | gallery | 1.5 | |
| gallery_project | gallery | 1.5.1 | |
| gallery_project | gallery | 1.5.1_rc2 | |
| gallery_project | gallery | 1.5.2_rc2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF0D3AAC-9BB0-49E9-BD67-27A635DA34CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B821AEB0-7C0C-407E-9CCB-EEB16E1A2719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F517D6BA-9793-4A4D-BDC6-2F5349F0B354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E876B0F6-8363-43E0-8E00-E55B04A05F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.3_pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "4131E313-CB18-45D7-9F4C-096EB0337B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.3_pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2D7CE2-1461-4D01-A4B1-9E6F7A68FB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.4_pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA0436A-8294-44B4-B7D1-62A73BE4DFAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.4_pl3:*:*:*:*:*:*:*",
"matchCriteriaId": "A9125286-5A7D-4A1B-B5C4-888581B9798C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.4_pl4:*:*:*:*:*:*:*",
"matchCriteriaId": "54143C9E-0EB0-4137-A01A-3E8C8A7412F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4.4_pl5:*:*:*:*:*:*:*",
"matchCriteriaId": "89382A13-8E5D-44DC-8D6B-8FD8DCAFE525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4_pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C999044-00FE-4DE1-A235-F036FC9AE09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.4_pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "36A59F6E-A44B-4949-8487-CB089BF1CE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6B3525-BD38-47CF-B60A-F392FABDA357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD453B4B-75B9-476D-B1A6-65AB8E09107E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5.1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFCAB08-BADA-4231-96E2-B73462A803D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:1.5.2_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "809BC19B-C814-4855-9E0B-387A4137369F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname)."
}
],
"id": "CVE-2006-0330",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-21T00:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285"
},
{
"source": "cve@mitre.org",
"url": "http://gallery.menalto.com/page/gallery_1_5_2_release"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18557"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18627"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21502"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-13.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/22660"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16334"
},
{
"source": "cve@mitre.org",
"url": "http://www.us.debian.org/security/2006/dsa-1148"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0282"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://gallery.menalto.com/page/gallery_1_5_2_release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-13.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/22660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us.debian.org/security/2006/dsa-1148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24247"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-4023
Vulnerability from fkie_nvd - Published: 2005-12-05 11:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gallery_project | gallery | 2.0 | |
| gallery_project | gallery | 2.0.1 | |
| gallery_project | gallery | 2.0_alpha3 | |
| gallery_project | gallery | 2.0_alpha4 | |
| gallery_project | gallery | 2.0_beta1 | |
| gallery_project | gallery | 2.0_beta2 | |
| gallery_project | gallery | 2.0_beta3 | |
| gallery_project | gallery | 2.0_rc1 | |
| gallery_project | gallery | 2.0_rc2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "630262DD-0577-4655-B558-3819019A6F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBC419B-13A6-4343-8123-85D47107D5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DF8B06-63F6-49FE-B98C-4EDCD95A997E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha4:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB5079E-8FEA-427F-8004-150AD4827C39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75B75A-5016-4503-A1A9-0B5BFA439C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8620FD-82E4-4877-8C5A-A95D753FE9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0225C-6E32-452B-A7E2-0CA91D9028C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4491A005-0DAA-41FA-B29D-F6C7466E4C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3152FFB5-5EE1-4809-8A06-F98ACFE3EA65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors."
}
],
"id": "CVE-2005-4023",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-05T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17747"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/418200/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15614"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/418200/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2681"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-4021
Vulnerability from fkie_nvd - Published: 2005-12-05 11:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gallery_project | gallery | 2.0 | |
| gallery_project | gallery | 2.0.1 | |
| gallery_project | gallery | 2.0_alpha1 | |
| gallery_project | gallery | 2.0_alpha2 | |
| gallery_project | gallery | 2.0_alpha3 | |
| gallery_project | gallery | 2.0_alpha4 | |
| gallery_project | gallery | 2.0_beta1 | |
| gallery_project | gallery | 2.0_beta2 | |
| gallery_project | gallery | 2.0_beta3 | |
| gallery_project | gallery | 2.0_rc1 | |
| gallery_project | gallery | 2.0_rc2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "630262DD-0577-4655-B558-3819019A6F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBC419B-13A6-4343-8123-85D47107D5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha1:*:*:*:*:*:*:*",
"matchCriteriaId": "54931180-0CCA-46B2-B139-EDC35FD7D87A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha2:*:*:*:*:*:*:*",
"matchCriteriaId": "831E6EDF-1466-4EE1-8987-6580DC80712D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DF8B06-63F6-49FE-B98C-4EDCD95A997E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_alpha4:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB5079E-8FEA-427F-8004-150AD4827C39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75B75A-5016-4503-A1A9-0B5BFA439C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8620FD-82E4-4877-8C5A-A95D753FE9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0225C-6E32-452B-A7E2-0CA91D9028C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4491A005-0DAA-41FA-B29D-F6C7466E4C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gallery_project:gallery:2.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3152FFB5-5EE1-4809-8A06-F98ACFE3EA65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information."
}
],
"id": "CVE-2005-4021",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-05T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/418200/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15614"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/418200/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2681"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-4919 (GCVE-0-2012-4919)
Vulnerability from cvelistv5 – Published: 2020-01-22 18:03 – Updated: 2024-08-06 20:50
VLAI?
Summary
Gallery Plugin 1.4 for WordPress has a Remote File Include Vulnerability
Severity ?
No CVSS data available.
CWE
- Remote File Include
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gallery Plugin authors | Gallery | Affected: 1.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57650"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gallery",
"vendor": "Gallery Plugin authors",
"versions": [
{
"status": "affected",
"version": "1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote File Include",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-22T18:03:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/57650"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81713"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-4919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gallery",
"version": {
"version_data": [
{
"version_value": "1.4"
}
]
}
}
]
},
"vendor_name": "Gallery Plugin authors"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote File Include"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/57650",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/57650"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81713",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2012-4919",
"datePublished": "2020-01-22T18:03:01",
"dateReserved": "2012-09-14T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4030 (GCVE-0-2006-4030)
Vulnerability from cvelistv5 – Published: 2006-08-16 21:00 – Updated: 2024-08-07 18:57
Summary
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
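| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/19453 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/21502 | third-party-advisory, x_refsource_SECUNIA |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2006/3250 | vdb-entry, x_refsource_VUPEN |
| http://www.debian.org/security/2006/dsa-1148 | vendor-advisory, x_refsource_DEBIAN |
| http://secunia.com/advisories/16594 | third-party-advisory, x_refsource_SECUNIA |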
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19453"
},
{
"name": "21502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21502"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285"
},
{
"name": "ADV-2006-3250",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3250"
},
{
"name": "DSA-1148",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1148"
},
{
"name": "16594",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16594"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to \"two file exposure bugs.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-09-07T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19453"
},
{
"name": "21502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21502"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285"
},
{
"name": "ADV-2006-3250",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3250"
},
{
"name": "DSA-1148",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1148"
},
{
"name": "16594",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16594"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to \"two file exposure bugs.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19453"
},
{
"name": "21502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21502"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285"
},
{
"name": "ADV-2006-3250",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3250"
},
{
"name": "DSA-1148",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1148"
},
{
"name": "16594",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16594"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4030",
"datePublished": "2006-08-16T21:00:00",
"dateReserved": "2006-08-09T00:00:00",
"dateUpdated": "2024-08-07T18:57:46.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1696 (GCVE-0-2006-1696)
Vulnerability from cvelistv5 – Published: 2006-04-11 10:00 – Updated: 2024-08-07 17:19
Summary
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
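| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/17437 | vdb-entry, x_refsource_BID |
| http://www.osvdb.org/24466 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25707 | vdb-entry, x_refsource_XF |
| http://sourceforge.net/project/shownotes.php?release_id=408602&group_id=7130 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/1285 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/19580 | third-party-advisory, x_refsource_SECUNIA |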
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:49.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17437",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17437"
},
{
"name": "24466",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24466"
},
{
"name": "gallery-unspecified-xss(25707)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25707"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=408602\u0026group_id=7130"
},
{
"name": "ADV-2006-1285",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1285"
},
{
"name": "19580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19580"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17437",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17437"
},
{
"name": "24466",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24466"
},
{
"name": "gallery-unspecified-xss(25707)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25707"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=408602\u0026group_id=7130"
},
{
"name": "ADV-2006-1285",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1285"
},
{
"name": "19580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19580"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17437"
},
{
"name": "24466",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24466"
},
{
"name": "gallery-unspecified-xss(25707)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25707"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=408602\u0026group_id=7130",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=408602\u0026group_id=7130"
},
{
"name": "ADV-2006-1285",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1285"
},
{
"name": "19580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19580"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1696",
"datePublished": "2006-04-11T10:00:00",
"dateReserved": "2006-04-10T00:00:00",
"dateUpdated": "2024-08-07T17:19:49.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1219 (GCVE-0-2006-1219)
Vulnerability from cvelistv5 – Published: 2006-03-14 02:00 – Updated: 2024-08-07 17:03
Summary
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
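| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/0895 | vdb-entry, x_refsource_VUPEN |
| http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25129 | vdb-entry, x_refsource_XF |
| https://www.exploit-db.com/exploits/1566 | exploit, x_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/17051 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/19175 | third-party-advisory, x_refsource_SECUNIA |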
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0895",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0895"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update"
},
{
"name": "gallery-multiple-index-file-include(25129)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25129"
},
{
"name": "1566",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1566"
},
{
"name": "17051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17051"
},
{
"name": "19175",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19175"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via \"..\" (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0895",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0895"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update"
},
{
"name": "gallery-multiple-index-file-include(25129)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25129"
},
{
"name": "1566",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1566"
},
{
"name": "17051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17051"
},
{
"name": "19175",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19175"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via \"..\" (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0895",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0895"
},
{
"name": "http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update"
},
{
"name": "gallery-multiple-index-file-include(25129)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25129"
},
{
"name": "1566",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1566"
},
{
"name": "17051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17051"
},
{
"name": "19175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19175"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1219",
"datePublished": "2006-03-14T02:00:00",
"dateReserved": "2006-03-14T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1126 (GCVE-0-2006-1126)
Vulnerability from cvelistv5 – Published: 2006-03-09 22:00 – Updated: 2024-08-07 17:03
Summary
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
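| URL | Tags |
|---|---|
| http://www.gulftech.org/?node=research&article_id=00106-03022006 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25120 | vdb-entry, x_refsource_XF |
| http://gallery.menalto.com/gallery_2.0.3_released | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/0813 | vdb-entry, x_refsource_VUPEN |
| http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/19104 | third-party-advisory, x_refsource_SECUNIA |
| http://securitytracker.com/id?1015717 | vdb-entry, x_refsource_SECTRACK |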
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:26.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"name": "gallery-header-spoofing(25120)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25120"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "ADV-2006-0813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"name": "gallery-header-spoofing(25120)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25120"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "ADV-2006-0813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"name": "gallery-header-spoofing(25120)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25120"
},
{
"name": "http://gallery.menalto.com/gallery_2.0.3_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "ADV-2006-0813",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1126",
"datePublished": "2006-03-09T22:00:00",
"dateReserved": "2006-03-09T00:00:00",
"dateUpdated": "2024-08-07T17:03:26.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1127 (GCVE-0-2006-1127)
Vulnerability from cvelistv5 – Published: 2006-03-09 22:00 – Updated: 2024-08-07 17:03
Summary
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
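| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/16940 | vdb-entry, x_refsource_BID |
| http://www.osvdb.org/23596 | vdb-entry, x_refsource_OSVDB |
| http://www.gulftech.org/?node=research&article_id=00106-03022006 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25117 | vdb-entry, x_refsource_XF |
| http://gallery.menalto.com/gallery_2.0.3_released | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/0813 | vdb-entry, x_refsource_VUPEN |
| http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/19104 | third-party-advisory, x_refsource_SECUNIA |
| http://securitytracker.com/id?1015717 | vdb-entry, x_refsource_SECTRACK |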
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:26.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16940",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16940"
},
{
"name": "23596",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23596"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"name": "gallery-getremotehostaddress-xss(25117)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25117"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "ADV-2006-0813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16940",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16940"
},
{
"name": "23596",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23596"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"name": "gallery-getremotehostaddress-xss(25117)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25117"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "ADV-2006-0813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16940"
},
{
"name": "23596",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23596"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"name": "gallery-getremotehostaddress-xss(25117)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25117"
},
{
"name": "http://gallery.menalto.com/gallery_2.0.3_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "ADV-2006-0813",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1127",
"datePublished": "2006-03-09T22:00:00",
"dateReserved": "2006-03-09T00:00:00",
"dateUpdated": "2024-08-07T17:03:26.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1128 (GCVE-0-2006-1128)
Vulnerability from cvelistv5 – Published: 2006-03-09 22:00 – Updated: 2024-08-07 17:03
Summary
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
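| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25118 | vdb-entry, x_refsource_XF |
| http://www.osvdb.org/23597 | vdb-entry, x_refsource_OSVDB |
| http://www.gulftech.org/?node=research&article_id=00106-03022006 | x_refsource_MISC |
| http://gallery.menalto.com/gallery_2.0.3_released | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/16948 | vdb-entry, x_refsource_BID |
| http://www.vupen.com/english/advisories/2006/0813 | vdb-entry, x_refsource_VUPEN |
| http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/19104 | third-party-advisory, x_refsource_SECUNIA |
| http://securitytracker.com/id?1015717 | vdb-entry, x_refsource_SECTRACK |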
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:26.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gallery-sessionid-bypass-security(25118)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25118"
},
{
"name": "23597",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23597"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "16948",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16948"
},
{
"name": "ADV-2006-0813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "gallery-sessionid-bypass-security(25118)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25118"
},
{
"name": "23597",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23597"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "16948",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16948"
},
{
"name": "ADV-2006-0813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gallery-sessionid-bypass-security(25118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25118"
},
{
"name": "23597",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23597"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"name": "http://gallery.menalto.com/gallery_2.0.3_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "16948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16948"
},
{
"name": "ADV-2006-0813",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1128",
"datePublished": "2006-03-09T22:00:00",
"dateReserved": "2006-03-09T00:00:00",
"dateUpdated": "2024-08-07T17:03:26.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0587 (GCVE-0-2006-0587)
Vulnerability from cvelistv5 – Published: 2006-02-08 01:00 – Updated: 2024-08-07 16:41
Summary
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users to trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
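| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/16533 | vdb-entry, x_refsource_BID |
| http://securitytracker.com/id?1015641 | vdb-entry, x_refsource_SECTRACK |
| http://www.digitalarmaments.com/2006140293402395.html | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/2006-02/0286.html | mailing-list, x_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/bugtraq/2006-02/0224.html | mailing-list, x_refsource_BUGTRAQ |
| http://gallery.menalto.com/gallery_1_5_2_pl2_security_release | x_refsource_CONFIRM |
| http://www.osvdb.org/22944 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/18735 | third-party-advisory, x_refsource_SECUNIA |
| http://www.osvdb.org/23256 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24768 | vdb-entry, x_refsource_XF |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24538 | vdb-entry, x_refsource_XF |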
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:28.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16533",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16533"
},
{
"name": "1015641",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015641"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalarmaments.com/2006140293402395.html"
},
{
"name": "20060216 Re: Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0286.html"
},
{
"name": "20060214 Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0224.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_1_5_2_pl2_security_release"
},
{
"name": "22944",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22944"
},
{
"name": "18735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18735"
},
{
"name": "23256",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23256"
},
{
"name": "gallery-util-file-include(24768)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24768"
},
{
"name": "gallery-album-data-modification(24538)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24538"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16533",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16533"
},
{
"name": "1015641",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015641"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalarmaments.com/2006140293402395.html"
},
{
"name": "20060216 Re: Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0286.html"
},
{
"name": "20060214 Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0224.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_1_5_2_pl2_security_release"
},
{
"name": "22944",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22944"
},
{
"name": "18735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18735"
},
{
"name": "23256",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23256"
},
{
"name": "gallery-util-file-include(24768)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24768"
},
{
"name": "gallery-album-data-modification(24538)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24538"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16533"
},
{
"name": "1015641",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015641"
},
{
"name": "http://www.digitalarmaments.com/2006140293402395.html",
"refsource": "MISC",
"url": "http://www.digitalarmaments.com/2006140293402395.html"
},
{
"name": "20060216 Re: Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0286.html"
},
{
"name": "20060214 Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0224.html"
},
{
"name": "http://gallery.menalto.com/gallery_1_5_2_pl2_security_release",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_1_5_2_pl2_security_release"
},
{
"name": "22944",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22944"
},
{
"name": "18735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18735"
},
{
"name": "23256",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23256"
},
{
"name": "gallery-util-file-include(24768)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24768"
},
{
"name": "gallery-album-data-modification(24538)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24538"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0587",
"datePublished": "2006-02-08T01:00:00",
"dateReserved": "2006-02-08T00:00:00",
"dateUpdated": "2024-08-07T16:41:28.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0330 (GCVE-0-2006-0330)
Vulnerability from cvelistv5 – Published: 2006-01-21 00:00 – Updated: 2024-08-07 16:34
Summary
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
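| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24247 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/21502 | third-party-advisory, x_refsource_SECUNIA |
| http://www.osvdb.org/22660 | vdb-entry, x_refsource_OSVDB |
| http://www.us.debian.org/security/2006/dsa-1148 | vendor-advisory, x_refsource_DEBIAN |
| http://www.gentoo.org/security/en/glsa/glsa-200601-13.xml | vendor-advisory, x_refsource_GENTOO |
| http://secunia.com/advisories/18557 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/16334 | vdb-entry, x_refsource_BID |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 | x_refsource_MISC |
| http://secunia.com/advisories/18627 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/0282 | vdb-entry, x_refsource_VUPEN |
| http://gallery.menalto.com/page/gallery_1_5_2_release | x_refsource_CONFIRM |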
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:13.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gallery-unknown-xss(24247)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24247"
},
{
"name": "21502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21502"
},
{
"name": "22660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22660"
},
{
"name": "DSA-1148",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.us.debian.org/security/2006/dsa-1148"
},
{
"name": "GLSA-200601-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-13.xml"
},
{
"name": "18557",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18557"
},
{
"name": "16334",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16334"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285"
},
{
"name": "18627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18627"
},
{
"name": "ADV-2006-0282",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/page/gallery_1_5_2_release"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "gallery-unknown-xss(24247)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24247"
},
{
"name": "21502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21502"
},
{
"name": "22660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22660"
},
{
"name": "DSA-1148",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.us.debian.org/security/2006/dsa-1148"
},
{
"name": "GLSA-200601-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-13.xml"
},
{
"name": "18557",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18557"
},
{
"name": "16334",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16334"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285"
},
{
"name": "18627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18627"
},
{
"name": "ADV-2006-0282",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/page/gallery_1_5_2_release"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gallery-unknown-xss(24247)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24247"
},
{
"name": "21502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21502"
},
{
"name": "22660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22660"
},
{
"name": "DSA-1148",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2006/dsa-1148"
},
{
"name": "GLSA-200601-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-13.xml"
},
{
"name": "18557",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18557"
},
{
"name": "16334",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16334"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285"
},
{
"name": "18627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18627"
},
{
"name": "ADV-2006-0282",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0282"
},
{
"name": "http://gallery.menalto.com/page/gallery_1_5_2_release",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/page/gallery_1_5_2_release"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0330",
"datePublished": "2006-01-21T00:00:00",
"dateReserved": "2006-01-20T00:00:00",
"dateUpdated": "2024-08-07T16:34:13.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4021 (GCVE-0-2005-4021)
Vulnerability from cvelistv5 – Published: 2005-12-05 11:00 – Updated: 2024-08-07 23:31
Summary
The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
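| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/15614 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/418200/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2005/2681 | vdb-entry, x_refsource_VUPEN |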
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15614",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15614"
},
{
"name": "20051130 Gallery 2.x Security Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/418200/100/0/threaded"
},
{
"name": "ADV-2005-2681",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2681"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15614",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15614"
},
{
"name": "20051130 Gallery 2.x Security Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/418200/100/0/threaded"
},
{
"name": "ADV-2005-2681",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2681"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15614"
},
{
"name": "20051130 Gallery 2.x Security Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418200/100/0/threaded"
},
{
"name": "ADV-2005-2681",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2681"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4021",
"datePublished": "2005-12-05T11:00:00",
"dateReserved": "2005-12-05T00:00:00",
"dateUpdated": "2024-08-07T23:31:48.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4919 (GCVE-0-2012-4919)
Vulnerability from nvd – Published: 2020-01-22 18:03 – Updated: 2024-08-06 20:50
Summary
Gallery Plugin 1.4 for WordPress has a Remote File Include Vulnerability
Severity ?
No CVSS data available.
CWE
- Remote File Include
Assigner
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/57650 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81713 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gallery Plugin authors | Gallery | Affected: 1.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57650"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gallery",
"vendor": "Gallery Plugin authors",
"versions": [
{
"status": "affected",
"version": "1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote File Include",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-22T18:03:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/57650"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81713"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-4919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gallery",
"version": {
"version_data": [
{
"version_value": "1.4"
}
]
}
}
]
},
"vendor_name": "Gallery Plugin authors"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote File Include"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/57650",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/57650"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81713",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2012-4919",
"datePublished": "2020-01-22T18:03:01",
"dateReserved": "2012-09-14T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4030 (GCVE-0-2006-4030)
Vulnerability from nvd – Published: 2006-08-16 21:00 – Updated: 2024-08-07 18:57
Summary
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
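| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/19453 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/21502 | third-party-advisory, x_refsource_SECUNIA |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285 | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2006/3250 | vdb-entry, x_refsource_VUPEN |
| http://www.debian.org/security/2006/dsa-1148 | vendor-advisory, x_refsource_DEBIAN |
| http://secunia.com/advisories/16594 | third-party-advisory, x_refsource_SECUNIA |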
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19453"
},
{
"name": "21502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21502"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285"
},
{
"name": "ADV-2006-3250",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3250"
},
{
"name": "DSA-1148",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1148"
},
{
"name": "16594",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16594"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to \"two file exposure bugs.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-09-07T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19453"
},
{
"name": "21502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21502"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285"
},
{
"name": "ADV-2006-3250",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3250"
},
{
"name": "DSA-1148",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1148"
},
{
"name": "16594",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16594"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to \"two file exposure bugs.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19453"
},
{
"name": "21502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21502"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285"
},
{
"name": "ADV-2006-3250",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3250"
},
{
"name": "DSA-1148",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1148"
},
{
"name": "16594",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16594"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4030",
"datePublished": "2006-08-16T21:00:00",
"dateReserved": "2006-08-09T00:00:00",
"dateUpdated": "2024-08-07T18:57:46.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1696 (GCVE-0-2006-1696)
Vulnerability from nvd – Published: 2006-04-11 10:00 – Updated: 2024-08-07 17:19
Summary
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
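| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/17437 | vdb-entry, x_refsource_BID |
| http://www.osvdb.org/24466 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25707 | vdb-entry, x_refsource_XF |
| http://sourceforge.net/project/shownotes.php?release_id=408602&group_id=7130 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/1285 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/19580 | third-party-advisory, x_refsource_SECUNIA |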
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:49.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17437",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17437"
},
{
"name": "24466",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24466"
},
{
"name": "gallery-unspecified-xss(25707)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25707"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=408602\u0026group_id=7130"
},
{
"name": "ADV-2006-1285",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1285"
},
{
"name": "19580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19580"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17437",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17437"
},
{
"name": "24466",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24466"
},
{
"name": "gallery-unspecified-xss(25707)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25707"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=408602\u0026group_id=7130"
},
{
"name": "ADV-2006-1285",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1285"
},
{
"name": "19580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19580"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17437"
},
{
"name": "24466",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24466"
},
{
"name": "gallery-unspecified-xss(25707)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25707"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=408602\u0026group_id=7130",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=408602\u0026group_id=7130"
},
{
"name": "ADV-2006-1285",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1285"
},
{
"name": "19580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19580"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1696",
"datePublished": "2006-04-11T10:00:00",
"dateReserved": "2006-04-10T00:00:00",
"dateUpdated": "2024-08-07T17:19:49.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1219 (GCVE-0-2006-1219)
Vulnerability from nvd – Published: 2006-03-14 02:00 – Updated: 2024-08-07 17:03
Summary
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0895",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0895"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update"
},
{
"name": "gallery-multiple-index-file-include(25129)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25129"
},
{
"name": "1566",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1566"
},
{
"name": "17051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17051"
},
{
"name": "19175",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19175"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via \"..\" (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0895",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0895"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update"
},
{
"name": "gallery-multiple-index-file-include(25129)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25129"
},
{
"name": "1566",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1566"
},
{
"name": "17051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17051"
},
{
"name": "19175",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19175"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via \"..\" (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0895",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0895"
},
{
"name": "http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update"
},
{
"name": "gallery-multiple-index-file-include(25129)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25129"
},
{
"name": "1566",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1566"
},
{
"name": "17051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17051"
},
{
"name": "19175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19175"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1219",
"datePublished": "2006-03-14T02:00:00",
"dateReserved": "2006-03-14T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1126 (GCVE-0-2006-1126)
Vulnerability from nvd – Published: 2006-03-09 22:00 – Updated: 2024-08-07 17:03
Summary
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:26.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"name": "gallery-header-spoofing(25120)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25120"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "ADV-2006-0813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"name": "gallery-header-spoofing(25120)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25120"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "ADV-2006-0813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"name": "gallery-header-spoofing(25120)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25120"
},
{
"name": "http://gallery.menalto.com/gallery_2.0.3_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "ADV-2006-0813",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1126",
"datePublished": "2006-03-09T22:00:00",
"dateReserved": "2006-03-09T00:00:00",
"dateUpdated": "2024-08-07T17:03:26.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1127 (GCVE-0-2006-1127)
Vulnerability from nvd – Published: 2006-03-09 22:00 – Updated: 2024-08-07 17:03
Summary
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:26.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16940",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16940"
},
{
"name": "23596",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23596"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"name": "gallery-getremotehostaddress-xss(25117)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25117"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "ADV-2006-0813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16940",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16940"
},
{
"name": "23596",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23596"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"name": "gallery-getremotehostaddress-xss(25117)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25117"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "ADV-2006-0813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16940"
},
{
"name": "23596",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23596"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"name": "gallery-getremotehostaddress-xss(25117)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25117"
},
{
"name": "http://gallery.menalto.com/gallery_2.0.3_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "ADV-2006-0813",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1127",
"datePublished": "2006-03-09T22:00:00",
"dateReserved": "2006-03-09T00:00:00",
"dateUpdated": "2024-08-07T17:03:26.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1128 (GCVE-0-2006-1128)
Vulnerability from nvd – Published: 2006-03-09 22:00 – Updated: 2024-08-07 17:03
Summary
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:26.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gallery-sessionid-bypass-security(25118)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25118"
},
{
"name": "23597",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23597"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "16948",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16948"
},
{
"name": "ADV-2006-0813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "gallery-sessionid-bypass-security(25118)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25118"
},
{
"name": "23597",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23597"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "16948",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16948"
},
{
"name": "ADV-2006-0813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gallery-sessionid-bypass-security(25118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25118"
},
{
"name": "23597",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23597"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00106-03022006"
},
{
"name": "http://gallery.menalto.com/gallery_2.0.3_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_2.0.3_released"
},
{
"name": "16948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16948"
},
{
"name": "ADV-2006-0813",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0813"
},
{
"name": "20060303 Gallery 2 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html"
},
{
"name": "19104",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19104"
},
{
"name": "1015717",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1128",
"datePublished": "2006-03-09T22:00:00",
"dateReserved": "2006-03-09T00:00:00",
"dateUpdated": "2024-08-07T17:03:26.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0587 (GCVE-0-2006-0587)
Vulnerability from nvd – Published: 2006-02-08 01:00 – Updated: 2024-08-07 16:41
Summary
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users to trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:28.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16533",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16533"
},
{
"name": "1015641",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015641"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalarmaments.com/2006140293402395.html"
},
{
"name": "20060216 Re: Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0286.html"
},
{
"name": "20060214 Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0224.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_1_5_2_pl2_security_release"
},
{
"name": "22944",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22944"
},
{
"name": "18735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18735"
},
{
"name": "23256",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23256"
},
{
"name": "gallery-util-file-include(24768)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24768"
},
{
"name": "gallery-album-data-modification(24538)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24538"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16533",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16533"
},
{
"name": "1015641",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015641"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalarmaments.com/2006140293402395.html"
},
{
"name": "20060216 Re: Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0286.html"
},
{
"name": "20060214 Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0224.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_1_5_2_pl2_security_release"
},
{
"name": "22944",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22944"
},
{
"name": "18735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18735"
},
{
"name": "23256",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23256"
},
{
"name": "gallery-util-file-include(24768)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24768"
},
{
"name": "gallery-album-data-modification(24538)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24538"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16533"
},
{
"name": "1015641",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015641"
},
{
"name": "http://www.digitalarmaments.com/2006140293402395.html",
"refsource": "MISC",
"url": "http://www.digitalarmaments.com/2006140293402395.html"
},
{
"name": "20060216 Re: Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0286.html"
},
{
"name": "20060214 Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0224.html"
},
{
"name": "http://gallery.menalto.com/gallery_1_5_2_pl2_security_release",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_1_5_2_pl2_security_release"
},
{
"name": "22944",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22944"
},
{
"name": "18735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18735"
},
{
"name": "23256",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23256"
},
{
"name": "gallery-util-file-include(24768)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24768"
},
{
"name": "gallery-album-data-modification(24538)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24538"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0587",
"datePublished": "2006-02-08T01:00:00",
"dateReserved": "2006-02-08T00:00:00",
"dateUpdated": "2024-08-07T16:41:28.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0330 (GCVE-0-2006-0330)
Vulnerability from nvd – Published: 2006-01-21 00:00 – Updated: 2024-08-07 16:34
Summary
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:13.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gallery-unknown-xss(24247)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24247"
},
{
"name": "21502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21502"
},
{
"name": "22660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22660"
},
{
"name": "DSA-1148",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.us.debian.org/security/2006/dsa-1148"
},
{
"name": "GLSA-200601-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-13.xml"
},
{
"name": "18557",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18557"
},
{
"name": "16334",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16334"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285"
},
{
"name": "18627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18627"
},
{
"name": "ADV-2006-0282",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/page/gallery_1_5_2_release"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "gallery-unknown-xss(24247)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24247"
},
{
"name": "21502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21502"
},
{
"name": "22660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22660"
},
{
"name": "DSA-1148",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.us.debian.org/security/2006/dsa-1148"
},
{
"name": "GLSA-200601-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-13.xml"
},
{
"name": "18557",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18557"
},
{
"name": "16334",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16334"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285"
},
{
"name": "18627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18627"
},
{
"name": "ADV-2006-0282",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/page/gallery_1_5_2_release"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gallery-unknown-xss(24247)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24247"
},
{
"name": "21502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21502"
},
{
"name": "22660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22660"
},
{
"name": "DSA-1148",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2006/dsa-1148"
},
{
"name": "GLSA-200601-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-13.xml"
},
{
"name": "18557",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18557"
},
{
"name": "16334",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16334"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285"
},
{
"name": "18627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18627"
},
{
"name": "ADV-2006-0282",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0282"
},
{
"name": "http://gallery.menalto.com/page/gallery_1_5_2_release",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/page/gallery_1_5_2_release"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0330",
"datePublished": "2006-01-21T00:00:00",
"dateReserved": "2006-01-20T00:00:00",
"dateUpdated": "2024-08-07T16:34:13.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}