FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gallery -- multiple vulnerabilities

Affected packages
gallery < 1.5.9
gallery2 < 2.2.6

Details

VuXML ID fc9e73b2-8685-11dd-bb64-0030843d3802
Discovery 2008-09-18
Entry 2008-09-19
Modified 2008-10-03

Secunia reports:

An error in the handling of ZIP archives with symbolic links can be exploited to disclose the contents of arbitrary files.

Input from uploaded Flash animations is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.
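For the ZIP symbolic-link issue described above, one upload-side check is to inspect the archive's central directory and refuse archives that contain symlink members before anything is extracted. This is an added example, not part of the Secunia advisory or Gallery's own code; the function names, sample archive contents and link target are constructed for illustration.

```python
import io
import stat
import zipfile


def find_symlink_entries(zip_bytes):
    """Return the names of archive members stored as symbolic links."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Archivers on Unix store st_mode in the upper 16 bits of the
            # external attributes. The bits are checked whatever host system
            # the entry claims, which errs on the side of rejecting.
            mode = info.external_attr >> 16
            if stat.S_ISLNK(mode):
                flagged.append(info.filename)
    return flagged


def safe_to_extract(zip_bytes):
    """True only when no member of the archive is a symbolic link."""
    return not find_symlink_entries(zip_bytes)


def build_sample_zip(with_symlink):
    """Build a constructed in-memory archive, optionally with a symlink member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photos/cat.jpg", b"constructed image bytes")
        if with_symlink:
            link = zipfile.ZipInfo("photos/link.jpg")
            link.create_system = 3  # 3 = Unix
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            # For a symlink member the stored data is the link target
            # (placeholder path, constructed).
            zf.writestr(link, "/placeholder/outside/upload/dir")
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("clean", build_sample_zip(False)),
                          ("with symlink", build_sample_zip(True))):
        verdict = "accept" if safe_to_extract(sample) else "reject"
        print(label, "->", verdict, find_symlink_entries(sample))
```

The check reads only archive metadata, so it can run on the uploaded file before any extraction tool touches it.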

References

URL http://secunia.com/advisories/31858/
URL http://secunia.com/advisories/31912/