|
Gallery Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA28163
|
|
|
Release Date:
|
2007-12-26
|
|
Last Update:
|
2008-01-24
|
|
Popularity:
|
4,174 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
Cross Site Scripting
Exposure of sensitive information
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Gallery 2.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2007-6685
CVE-2007-6686
CVE-2007-6687
CVE-2007-6688
CVE-2007-6689
CVE-2007-6690
CVE-2007-6691
CVE-2007-6692
CVE-2007-6693
|
|
Description:
Some vulnerabilities and a weakness have been reported in Gallery, where some have unspecified impacts and others can be exploited by malicious users or malicious people to disclose sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a vulnerable system.
1) An unspecified error within the Publish XP module can be exploited to create and upload files without proper authorisation.
2) An unspecified error within the admin controller of the URL rewrite module can be exploited to include local files.
3) Input passed via file names within the core and add-item modules is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
4) An unspecified vulnerability exists within the file extension check of uploaded files in the Core (Gallery application) / MIME module.
5) The Gallery Remote module does not properly verify the permissions for certain GR commands.
6) Certain input passed via HTTP PROPPATCH to the WebDAV module is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
7) Unspecified errors within the WebDAV view of the WebDAV module, the comment view of the Comment module, the Print modules, the hotlink protection of the URL rewrite module, and the slideshows of the Slideshow module can be exploited to disclose potentially sensitive information.
Note: In version 2.2.4, the Core module contains enhanced information disclosure protection and includes a fix for an unspecified redirection weakness.
8) An unspecified weakness related to proxied request exists within the WebCam module.
The vulnerabilities were reported in versions prior to 2.2.4.
Solution:
Update to version 2.2.4.
Provided and/or discovered by:
Reported by the vendor.
Changelog:
2008-01-24: Added CVE reference.
Original Advisory:
http://gallery.menalto.com/gallery_2.2.4_released
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
