Security Gallery Multiple Vulnerabilities

PHP Web Host - Quality Web Hosting For All PHP Applications

• Home • Downloads • Your Account • Forums •

Site Navigation

Home:

Donate o Meter

Help Keep Our Servers Online AND Our Services Free!

Donat-o-Meter Stats
December´s Goal:	$300.00
Due Date:	Dec 31
Net Balance:	$0.00
Left to go:	$300.00

Donations

Please Link To Me!

Services Available

Quality PHP Web Host!

Great Reviews!

Need help setting up your website, installing Apache, PHP, MySQL, or PhpNuke?

Need help customizing or designing scripts?

Please contact me via the Contact Us option for further details and pricing.

Link to Me

There are more Link To Me icons here.

Site Info v2.2.2 ©

Verse of the Day

Gallery Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA28163

VERIFY ADVISORY: http://secunia.com/advisories/28163/

CRITICAL: Highly critical

IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access

SOFTWARE: Gallery 2.x - http://secunia.com/product/5879/

DESCRIPTION: Some vulnerabilities and a weakness have been reported in Gallery, where some have unspecified impacts and others can be exploited by malicious users or malicious people to disclose sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a vulnerable system. The vulnerabilities were reported in versions prior to 2.2.4. Note: In version 2.2.4, the Core module contains enhanced information disclosure protection and includes a fix for an unspecified redirection weakness.

1) An unspecified error within the Publish XP module can be exploited to create and upload files without proper authorisation.

2) An unspecified error within the admin controller of the URL rewrite module can be exploited to include local files.

3) Input passed via file names within the core and add-item modules is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

4) An unspecified vulnerability exists within the file extension check of uploaded files in the Core (Gallery application) / MIME module.

5) The Gallery Remote module does not properly verify the permissions for certain GR commands.

6) Certain input passed via HTTP PROPPATCH to the WebDAV module is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

7) Unspecified errors within the WebDAV view of the WebDAV module, the comment view of the Comment module, the Print modules, the hotlink protection of the URL rewrite module, and the slideshows of the Slideshow module can be exploited to disclose potentially sensitive information.

8) An unspecified weakness related to proxied request exists within the WebCam module.

SOLUTION: Update to version 2.2.4.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://gallery.menalto.com/gallery_2.2.4_released

Posted on Wednesday, December 26, 2007 @ 19:29:02 EST by Raven

Related Links

· More about Security
· News by Raven

Most read story about Security:
PHP-Nuke *eid* SQL Injection Vulnerability

Article Rating

Average Score: 0
Votes: 0

Options

Printer Friendly Page

Send to a Friend

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2008 by Raven
Proud to be listed at Lobo Links Web Directory

You can syndicate our news using the file

Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.

:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com ::
:: fisubice Theme Recoded To 100% W3C CSS & HTML 4.01 Transitional Compliance by Raven and 64bitguy ::
::