FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
9b718b82-8ef5-11dc-8e42-001c2514716c | gallery2 -- multiple vulnerabilities

Gallery project reports:

Gallery 2.2.3 addresses the following security vulnerabilities:

  • Unauthorized renaming of items possible with WebDAV (reported by Merrick Manalastas)
  • Unauthorized modification and retrieval of item properties possible with WebDAV
  • Unauthorized locking and replacing of items possible with WebDAV
  • Unauthorized editing of data file possible via linked items with Reupload and WebDAV (reported by Nicklous Roberts)

Discovery 2007-08-29
Entry 2007-11-09
gallery2 < 2.2.3

CVE-2007-4650
25580
fc9e73b2-8685-11dd-bb64-0030843d3802 | gallery -- multiple vulnerabilities

Secunia reports:

An error in the handling of ZIP archives with symbolic links can be exploited to disclose the contents of arbitrary files.

Input from uploaded Flash animations is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.


Discovery 2008-09-18
Entry 2008-09-19
Modified 2008-10-03
gallery < 1.5.9
gallery2 < 2.2.6

http://secunia.com/advisories/31912/
http://secunia.com/advisories/31858/
4aab7bcd-b294-11dc-a6f0-00a0cce0781e | gallery2 -- multiple vulnerabilities

The Gallery team reports:

Gallery 2.2.4 addresses the following security vulnerabilities:

  • Publish XP module - Fixed unauthorized album creation and file uploads.
  • URL rewrite module - Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink protection.
  • Core / add-item modules - Fixed Cross Site Scripting (XSS) vulnerabilities through malicious file names.
  • Installation (Gallery application) - Update web-accessibility protection of the storage folder for Apache 2.2.
  • Core (Gallery application) / MIME module - Fixed vulnerability in checks for disallowed file extensions in file uploads.
  • Gallery Remote module - Added missing permissions checks for some GR commands.
  • WebDAV module - Fixed Cross Site Scripting (XSS) vulnerability through HTTP PROPPATCH.
  • WebDAV module - Fixed information (item data) disclosure in a WebDAV view.
  • Comment module - Fixed information (item data) disclosure in comment views.
  • Core module (Gallery application) - Improved resilience against item information disclosure attacks.
  • Slideshow module - Fixed information (item data) disclosure in the slideshow.
  • Print modules - Fixed information (item data) disclosure in several print modules.
  • Core / print modules - Fixed arbitrary URL redirection (phishing attacks) in the core module and several print modules.
  • WebCam module - Fixed proxied request weakness.

Discovery 2007-12-24
Entry 2007-12-25
Modified 2010-05-12
gallery2 < 2.2.4

CVE-2007-6685
CVE-2007-6686
CVE-2007-6687
CVE-2007-6689
CVE-2007-6690
CVE-2007-6692
http://gallery.menalto.com/gallery_2.2.4_released
47bdabcf-3cf9-11da-baa2-0004614cc33d | gallery2 -- file disclosure vulnerability

Michael Dipper wrote:

A vulnerability has been discovered in gallery, which allows remote users unauthorized access to files on the webserver.

A remote user accessing gallery over the web may use specially crafted HTTP parameters to access arbitrary files located on the webserver. All files readable by the webserver process are subject to disclosure. The vulnerability is *not* restricted to the webserver's document root but extends to the whole server file space.

The vulnerability may be used by any anonymous user; there is no login to the application required.


Discovery 2005-10-12
Entry 2005-10-15
Modified 2005-11-08
gallery2 < 2.0.1

15108
CVE-2005-3251
http://dipper.info/security/20051012/