FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gallery -- multiple vulnerabilities

Affected packages
gallery < 1.5.9
gallery2 < 2.2.6


VuXML ID fc9e73b2-8685-11dd-bb64-0030843d3802
Discovery 2008-09-18
Entry 2008-09-19
Modified 2008-10-03

Secunia reports:

An error in the handing of ZIP archives with symbolic links can be exploited to disclose the contents of arbitrary files.

Input from uploaded Flash animations is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.