Описание
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-4129
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45228
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html
- http://gallery.menalto.com/gallery_1.5.9_released
- http://gallery.menalto.com/gallery_2.2.6_released
- http://secunia.com/advisories/31912
- http://secunia.com/advisories/32662
- http://secunia.com/advisories/33144
- http://security.gentoo.org/glsa/glsa-200811-02.xml
- http://www.securityfocus.com/bid/31231
Связанные уязвимости
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle Z ...