Search
Find a vulnerability
Search criteria
8 vulnerabilities found for gallery by gallery
CVE-2008-5296 (GCVE-0-2008-5296)
Vulnerability from nvd – Published: 2008-12-01 15:00 – Updated: 2024-08-07 10:49
VLAI
EPSS
VEX
Summary
Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/32817 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/32440 | vdb-entryx_refsource_BID |
| http://gallery.menalto.com/last_official_G1_releases | x_refsource_CONFIRM |
| http://osvdb.org/50089 | vdb-entryx_refsource_OSVDB |
Date Public
2008-11-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32817",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32817"
},
{
"name": "gallery-cookie-security-bypass(46804)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46804"
},
{
"name": "32440",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32440"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/last_official_G1_releases"
},
{
"name": "50089",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32817",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32817"
},
{
"name": "gallery-cookie-security-bypass(46804)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46804"
},
{
"name": "32440",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32440"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/last_official_G1_releases"
},
{
"name": "50089",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32817",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32817"
},
{
"name": "gallery-cookie-security-bypass(46804)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46804"
},
{
"name": "32440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32440"
},
{
"name": "http://gallery.menalto.com/last_official_G1_releases",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/last_official_G1_releases"
},
{
"name": "50089",
"refsource": "OSVDB",
"url": "http://osvdb.org/50089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5296",
"datePublished": "2008-12-01T15:00:00.000Z",
"dateReserved": "2008-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:49:12.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4130 (GCVE-0-2008-4130)
Vulnerability from nvd – Published: 2008-09-18 20:00 – Updated: 2024-08-07 10:08
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to "interact with the embedding page."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-200811-02.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/33144 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/31858 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/32662 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/31231 | vdb-entryx_refsource_BID |
| http://gallery.menalto.com/gallery_2.2.6_released | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
Date Public
2008-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:35.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200811-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33144"
},
{
"name": "31858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31858"
},
{
"name": "32662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "gallery-flashanimations-xss(45227)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45227"
},
{
"name": "31231",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31231"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"name": "FEDORA-2008-11230",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to \"interact with the embedding page.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200811-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33144"
},
{
"name": "31858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31858"
},
{
"name": "32662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "gallery-flashanimations-xss(45227)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45227"
},
{
"name": "31231",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31231"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"name": "FEDORA-2008-11230",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to \"interact with the embedding page.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200811-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33144"
},
{
"name": "31858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31858"
},
{
"name": "32662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "gallery-flashanimations-xss(45227)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45227"
},
{
"name": "31231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31231"
},
{
"name": "http://gallery.menalto.com/gallery_2.2.6_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"name": "FEDORA-2008-11230",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4130",
"datePublished": "2008-09-18T20:00:00.000Z",
"dateReserved": "2008-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:08:35.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4129 (GCVE-0-2008-4129)
Vulnerability from nvd – Published: 2008-09-18 20:00 – Updated: 2024-08-07 10:08
VLAI
EPSS
VEX
Summary
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-200811-02.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/33144 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/31912 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/32662 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/31231 | vdb-entryx_refsource_BID |
| http://gallery.menalto.com/gallery_2.2.6_released | x_refsource_CONFIRM |
| http://gallery.menalto.com/gallery_1.5.9_released | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
Date Public
2008-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200811-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33144"
},
{
"name": "gallery-ziparchives-information-disclosure(45228)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228"
},
{
"name": "31912",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31912"
},
{
"name": "32662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "31231",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31231"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_1.5.9_released"
},
{
"name": "FEDORA-2008-11230",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200811-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33144"
},
{
"name": "gallery-ziparchives-information-disclosure(45228)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228"
},
{
"name": "31912",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31912"
},
{
"name": "32662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "31231",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31231"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_1.5.9_released"
},
{
"name": "FEDORA-2008-11230",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200811-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33144"
},
{
"name": "gallery-ziparchives-information-disclosure(45228)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228"
},
{
"name": "31912",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31912"
},
{
"name": "32662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "31231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31231"
},
{
"name": "http://gallery.menalto.com/gallery_2.2.6_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"name": "http://gallery.menalto.com/gallery_1.5.9_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_1.5.9_released"
},
{
"name": "FEDORA-2008-11230",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4129",
"datePublished": "2008-09-18T20:00:00.000Z",
"dateReserved": "2008-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:08:34.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3662 (GCVE-0-2008-3662)
Vulnerability from nvd – Published: 2008-09-18 18:00 – Updated: 2024-08-07 09:45
VLAI
EPSS
VEX
Summary
Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-200811-02.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/33144 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/32662 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/archive/1/496509/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/31231 | vdb-entryx_refsource_BID |
| http://int21.de/cve/CVE-2008-3662-gallery.html | x_refsource_MISC |
| http://gallery.menalto.com/gallery_2.2.6_released | x_refsource_CONFIRM |
| http://gallery.menalto.com/gallery_1.5.9_released | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2008/Sep/0379.html | mailing-listx_refsource_FULLDISC |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
Date Public
2008-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:18.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200811-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33144"
},
{
"name": "32662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496509/100/0/threaded"
},
{
"name": "31231",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31231"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://int21.de/cve/CVE-2008-3662-gallery.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_1.5.9_released"
},
{
"name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2008/Sep/0379.html"
},
{
"name": "FEDORA-2008-11230",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200811-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33144"
},
{
"name": "32662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496509/100/0/threaded"
},
{
"name": "31231",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31231"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://int21.de/cve/CVE-2008-3662-gallery.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_1.5.9_released"
},
{
"name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2008/Sep/0379.html"
},
{
"name": "FEDORA-2008-11230",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200811-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33144"
},
{
"name": "32662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496509/100/0/threaded"
},
{
"name": "31231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31231"
},
{
"name": "http://int21.de/cve/CVE-2008-3662-gallery.html",
"refsource": "MISC",
"url": "http://int21.de/cve/CVE-2008-3662-gallery.html"
},
{
"name": "http://gallery.menalto.com/gallery_2.2.6_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"name": "http://gallery.menalto.com/gallery_1.5.9_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_1.5.9_released"
},
{
"name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2008/Sep/0379.html"
},
{
"name": "FEDORA-2008-11230",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3662",
"datePublished": "2008-09-18T18:00:00.000Z",
"dateReserved": "2008-08-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:45:18.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5296 (GCVE-0-2008-5296)
Vulnerability from cvelistv5 – Published: 2008-12-01 15:00 – Updated: 2024-08-07 10:49
VLAI
EPSS
VEX
Summary
Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/32817 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/32440 | vdb-entryx_refsource_BID |
| http://gallery.menalto.com/last_official_G1_releases | x_refsource_CONFIRM |
| http://osvdb.org/50089 | vdb-entryx_refsource_OSVDB |
Date Public
2008-11-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32817",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32817"
},
{
"name": "gallery-cookie-security-bypass(46804)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46804"
},
{
"name": "32440",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32440"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/last_official_G1_releases"
},
{
"name": "50089",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32817",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32817"
},
{
"name": "gallery-cookie-security-bypass(46804)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46804"
},
{
"name": "32440",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32440"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/last_official_G1_releases"
},
{
"name": "50089",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32817",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32817"
},
{
"name": "gallery-cookie-security-bypass(46804)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46804"
},
{
"name": "32440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32440"
},
{
"name": "http://gallery.menalto.com/last_official_G1_releases",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/last_official_G1_releases"
},
{
"name": "50089",
"refsource": "OSVDB",
"url": "http://osvdb.org/50089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5296",
"datePublished": "2008-12-01T15:00:00.000Z",
"dateReserved": "2008-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:49:12.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4129 (GCVE-0-2008-4129)
Vulnerability from cvelistv5 – Published: 2008-09-18 20:00 – Updated: 2024-08-07 10:08
VLAI
EPSS
VEX
Summary
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-200811-02.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/33144 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/31912 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/32662 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/31231 | vdb-entryx_refsource_BID |
| http://gallery.menalto.com/gallery_2.2.6_released | x_refsource_CONFIRM |
| http://gallery.menalto.com/gallery_1.5.9_released | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
Date Public
2008-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200811-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33144"
},
{
"name": "gallery-ziparchives-information-disclosure(45228)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228"
},
{
"name": "31912",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31912"
},
{
"name": "32662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "31231",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31231"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_1.5.9_released"
},
{
"name": "FEDORA-2008-11230",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200811-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33144"
},
{
"name": "gallery-ziparchives-information-disclosure(45228)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228"
},
{
"name": "31912",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31912"
},
{
"name": "32662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "31231",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31231"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_1.5.9_released"
},
{
"name": "FEDORA-2008-11230",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200811-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33144"
},
{
"name": "gallery-ziparchives-information-disclosure(45228)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228"
},
{
"name": "31912",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31912"
},
{
"name": "32662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "31231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31231"
},
{
"name": "http://gallery.menalto.com/gallery_2.2.6_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"name": "http://gallery.menalto.com/gallery_1.5.9_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_1.5.9_released"
},
{
"name": "FEDORA-2008-11230",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4129",
"datePublished": "2008-09-18T20:00:00.000Z",
"dateReserved": "2008-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:08:34.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4130 (GCVE-0-2008-4130)
Vulnerability from cvelistv5 – Published: 2008-09-18 20:00 – Updated: 2024-08-07 10:08
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to "interact with the embedding page."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-200811-02.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/33144 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/31858 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/32662 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/31231 | vdb-entryx_refsource_BID |
| http://gallery.menalto.com/gallery_2.2.6_released | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
Date Public
2008-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:35.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200811-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33144"
},
{
"name": "31858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31858"
},
{
"name": "32662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "gallery-flashanimations-xss(45227)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45227"
},
{
"name": "31231",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31231"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"name": "FEDORA-2008-11230",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to \"interact with the embedding page.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200811-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33144"
},
{
"name": "31858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31858"
},
{
"name": "32662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "gallery-flashanimations-xss(45227)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45227"
},
{
"name": "31231",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31231"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"name": "FEDORA-2008-11230",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to \"interact with the embedding page.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200811-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33144"
},
{
"name": "31858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31858"
},
{
"name": "32662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "gallery-flashanimations-xss(45227)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45227"
},
{
"name": "31231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31231"
},
{
"name": "http://gallery.menalto.com/gallery_2.2.6_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"name": "FEDORA-2008-11230",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4130",
"datePublished": "2008-09-18T20:00:00.000Z",
"dateReserved": "2008-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:08:35.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3662 (GCVE-0-2008-3662)
Vulnerability from cvelistv5 – Published: 2008-09-18 18:00 – Updated: 2024-08-07 09:45
VLAI
EPSS
VEX
Summary
Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-200811-02.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/33144 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/32662 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/archive/1/496509/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/31231 | vdb-entryx_refsource_BID |
| http://int21.de/cve/CVE-2008-3662-gallery.html | x_refsource_MISC |
| http://gallery.menalto.com/gallery_2.2.6_released | x_refsource_CONFIRM |
| http://gallery.menalto.com/gallery_1.5.9_released | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2008/Sep/0379.html | mailing-listx_refsource_FULLDISC |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
Date Public
2008-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:18.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200811-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33144"
},
{
"name": "32662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496509/100/0/threaded"
},
{
"name": "31231",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31231"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://int21.de/cve/CVE-2008-3662-gallery.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gallery.menalto.com/gallery_1.5.9_released"
},
{
"name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2008/Sep/0379.html"
},
{
"name": "FEDORA-2008-11230",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200811-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33144"
},
{
"name": "32662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496509/100/0/threaded"
},
{
"name": "31231",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31231"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://int21.de/cve/CVE-2008-3662-gallery.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gallery.menalto.com/gallery_1.5.9_released"
},
{
"name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2008/Sep/0379.html"
},
{
"name": "FEDORA-2008-11230",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200811-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33144"
},
{
"name": "32662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496509/100/0/threaded"
},
{
"name": "31231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31231"
},
{
"name": "http://int21.de/cve/CVE-2008-3662-gallery.html",
"refsource": "MISC",
"url": "http://int21.de/cve/CVE-2008-3662-gallery.html"
},
{
"name": "http://gallery.menalto.com/gallery_2.2.6_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"name": "http://gallery.menalto.com/gallery_1.5.9_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_1.5.9_released"
},
{
"name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2008/Sep/0379.html"
},
{
"name": "FEDORA-2008-11230",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3662",
"datePublished": "2008-09-18T18:00:00.000Z",
"dateReserved": "2008-08-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:45:18.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}