oss-sec mailing list archives
Re: CVE Request (gallery2)
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 23 Sep 2008 21:22:57 -0400 (EDT)
====================================================== Name: CVE-2008-3662 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3662 Reference: FULLDISC:20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662 Reference: URL:http://seclists.org/fulldisclosure/2008/Sep/0379.html Reference: MISC:http://int21.de/cve/CVE-2008-3662-gallery.html Reference: CONFIRM:http://gallery.menalto.com/gallery_1.5.9_released Reference: CONFIRM:http://gallery.menalto.com/gallery_2.2.6_released Reference: BID:31231 Reference: URL:http://www.securityfocus.com/bid/31231 Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. ====================================================== Name: CVE-2008-4129 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4129 Reference: CONFIRM:http://gallery.menalto.com/gallery_1.5.9_released Reference: CONFIRM:http://gallery.menalto.com/gallery_2.2.6_released Reference: BID:31231 Reference: URL:http://www.securityfocus.com/bid/31231 Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality. ====================================================== Name: CVE-2008-4130 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4130 Reference: CONFIRM:http://gallery.menalto.com/gallery_2.2.6_released Reference: BID:31231 Reference: URL:http://www.securityfocus.com/bid/31231 Reference: SECUNIA:31858 Reference: URL:http://secunia.com/advisories/31858 Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to "interact with the embedding page."
Current thread:
- CVE Request (gallery2) Josh Bressers (Sep 18)
- Re: CVE Request (gallery2) Hanno Böck (Sep 18)
- Re: CVE Request (gallery2) Steven M. Christey (Sep 23)