CVE Reference: CVE-2008-4129
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2008-4129

Description:
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/45228

SAID
  Secunia Advisory: SA32662
  Secunia Advisory: SA33144
  Secunia Advisory: SA31912

GENTOO
  http://security.gentoo.org/glsa/glsa-200811-02.xml

FEDORA

CONFIRM
  http://gallery.menalto.com/gallery_2.2.6_released
  http://gallery.menalto.com/gallery_1.5.9_released

BID
  31231

