FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-12-18 19:03:49 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
4aab7bcd-b294-11dc-a6f0-00a0cce0781e | gallery2 -- multiple vulnerabilities
The Gallery team reports:
Gallery 2.2.4 addresses the following security
vulnerabilities:
- Publish XP module - Fixed unauthorized album creation
and file uploads.
- URL rewrite module - Fixed local file inclusion
vulnerability in unsecured admin controller and
information disclosure in hotlink protection.
- Core / add-item modules - Fixed Cross Site Scripting
(XSS) vulnerabilities through malicious file names.
- Installation (Gallery application) - Update
web-accessibility protection of the storage folder for
Apache 2.2.
- Core (Gallery application) / MIME module - Fixed
vulnerability in checks for disallowed file extensions
in file uploads.
- Gallery Remote module - Added missing permissions
checks for some GR commands.
- WebDAV module - Fixed Cross Site Scripting (XSS)
vulnerability through HTTP PROPPATCH.
- WebDAV module - Fixed information (item data)
disclosure in a WebDAV view.
- Comment module - Fixed information (item data)
disclosure in comment views.
- Core module (Gallery application) - Improved
resilience against item information disclosure
attacks.
- Slideshow module - Fixed information (item data)
disclosure in the slideshow.
- Print modules - Fixed information (item data)
disclosure in several print modules.
- Core / print modules - Fixed arbitrary URL redirection
(phishing attacks) in the core module and several print
modules.
- WebCam module - Fixed proxied request weakness.
Discovery 2007-12-24, Entry 2007-12-25, Modified 2010-05-12
gallery2 < 2.2.4
CVE-2007-6685
CVE-2007-6686
CVE-2007-6687
CVE-2007-6689
CVE-2007-6690
CVE-2007-6692
http://gallery.menalto.com/gallery_2.2.4_released
|
fc9e73b2-8685-11dd-bb64-0030843d3802 | gallery -- multiple vulnerabilities
Secunia reports:
An error in the handling of ZIP archives with symbolic links can be
exploited to disclose the contents of arbitrary files.
Input from uploaded Flash animations is not properly sanitised
before being used. This can be exploited to insert arbitrary HTML and
script code, which is executed in a user's browser session in context
of an affected site when the malicious data is viewed.
Discovery 2008-09-18, Entry 2008-09-19, Modified 2008-10-03
gallery < 1.5.9
gallery2 < 2.2.6
http://secunia.com/advisories/31912/
http://secunia.com/advisories/31858/
|