Search

Find a vulnerability

Search criteria

    8 vulnerabilities by gallery

    CVE-2008-5296 (GCVE-0-2008-5296)

    Vulnerability from nvd – Published: 2008-12-01 15:00 – Updated: 2024-08-07 10:49
    VLAI
    Summary
    Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32817 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/32440 vdb-entryx_refsource_BID
    http://gallery.menalto.com/last_official_G1_releases x_refsource_CONFIRM
    http://osvdb.org/50089 vdb-entryx_refsource_OSVDB
    Date Public
    2008-11-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:49:12.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32817",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32817"
              },
              {
                "name": "gallery-cookie-security-bypass(46804)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46804"
              },
              {
                "name": "32440",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32440"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://gallery.menalto.com/last_official_G1_releases"
              },
              {
                "name": "50089",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/50089"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32817",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32817"
            },
            {
              "name": "gallery-cookie-security-bypass(46804)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46804"
            },
            {
              "name": "32440",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32440"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://gallery.menalto.com/last_official_G1_releases"
            },
            {
              "name": "50089",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/50089"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-5296",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies.  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32817",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32817"
                },
                {
                  "name": "gallery-cookie-security-bypass(46804)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46804"
                },
                {
                  "name": "32440",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32440"
                },
                {
                  "name": "http://gallery.menalto.com/last_official_G1_releases",
                  "refsource": "CONFIRM",
                  "url": "http://gallery.menalto.com/last_official_G1_releases"
                },
                {
                  "name": "50089",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/50089"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-5296",
        "datePublished": "2008-12-01T15:00:00.000Z",
        "dateReserved": "2008-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:49:12.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4130 (GCVE-0-2008-4130)

    Vulnerability from nvd – Published: 2008-09-18 20:00 – Updated: 2024-08-07 10:08
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to "interact with the embedding page."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://security.gentoo.org/glsa/glsa-200811-02.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/33144 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31858 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/32662 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/31231 vdb-entryx_refsource_BID
    http://gallery.menalto.com/gallery_2.2.6_released x_refsource_CONFIRM
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    Date Public
    2008-09-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:08:35.323Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200811-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
              },
              {
                "name": "33144",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33144"
              },
              {
                "name": "31858",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31858"
              },
              {
                "name": "32662",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32662"
              },
              {
                "name": "FEDORA-2008-11258",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
              },
              {
                "name": "gallery-flashanimations-xss(45227)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45227"
              },
              {
                "name": "31231",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31231"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://gallery.menalto.com/gallery_2.2.6_released"
              },
              {
                "name": "FEDORA-2008-11230",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to \"interact with the embedding page.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-200811-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
            },
            {
              "name": "33144",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33144"
            },
            {
              "name": "31858",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31858"
            },
            {
              "name": "32662",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32662"
            },
            {
              "name": "FEDORA-2008-11258",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
            },
            {
              "name": "gallery-flashanimations-xss(45227)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45227"
            },
            {
              "name": "31231",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31231"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://gallery.menalto.com/gallery_2.2.6_released"
            },
            {
              "name": "FEDORA-2008-11230",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4130",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to \"interact with the embedding page.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-200811-02",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
                },
                {
                  "name": "33144",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33144"
                },
                {
                  "name": "31858",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31858"
                },
                {
                  "name": "32662",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32662"
                },
                {
                  "name": "FEDORA-2008-11258",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
                },
                {
                  "name": "gallery-flashanimations-xss(45227)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45227"
                },
                {
                  "name": "31231",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31231"
                },
                {
                  "name": "http://gallery.menalto.com/gallery_2.2.6_released",
                  "refsource": "CONFIRM",
                  "url": "http://gallery.menalto.com/gallery_2.2.6_released"
                },
                {
                  "name": "FEDORA-2008-11230",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4130",
        "datePublished": "2008-09-18T20:00:00.000Z",
        "dateReserved": "2008-09-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:08:35.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4129 (GCVE-0-2008-4129)

    Vulnerability from nvd – Published: 2008-09-18 20:00 – Updated: 2024-08-07 10:08
    VLAI
    Summary
    Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://security.gentoo.org/glsa/glsa-200811-02.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/33144 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/31912 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/32662 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/31231 vdb-entryx_refsource_BID
    http://gallery.menalto.com/gallery_2.2.6_released x_refsource_CONFIRM
    http://gallery.menalto.com/gallery_1.5.9_released x_refsource_CONFIRM
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    Date Public
    2008-09-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:08:34.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200811-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
              },
              {
                "name": "33144",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33144"
              },
              {
                "name": "gallery-ziparchives-information-disclosure(45228)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228"
              },
              {
                "name": "31912",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31912"
              },
              {
                "name": "32662",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32662"
              },
              {
                "name": "FEDORA-2008-11258",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
              },
              {
                "name": "31231",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31231"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://gallery.menalto.com/gallery_2.2.6_released"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://gallery.menalto.com/gallery_1.5.9_released"
              },
              {
                "name": "FEDORA-2008-11230",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-200811-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
            },
            {
              "name": "33144",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33144"
            },
            {
              "name": "gallery-ziparchives-information-disclosure(45228)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228"
            },
            {
              "name": "31912",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31912"
            },
            {
              "name": "32662",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32662"
            },
            {
              "name": "FEDORA-2008-11258",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
            },
            {
              "name": "31231",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31231"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://gallery.menalto.com/gallery_2.2.6_released"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://gallery.menalto.com/gallery_1.5.9_released"
            },
            {
              "name": "FEDORA-2008-11230",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4129",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-200811-02",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
                },
                {
                  "name": "33144",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33144"
                },
                {
                  "name": "gallery-ziparchives-information-disclosure(45228)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228"
                },
                {
                  "name": "31912",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31912"
                },
                {
                  "name": "32662",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32662"
                },
                {
                  "name": "FEDORA-2008-11258",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
                },
                {
                  "name": "31231",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31231"
                },
                {
                  "name": "http://gallery.menalto.com/gallery_2.2.6_released",
                  "refsource": "CONFIRM",
                  "url": "http://gallery.menalto.com/gallery_2.2.6_released"
                },
                {
                  "name": "http://gallery.menalto.com/gallery_1.5.9_released",
                  "refsource": "CONFIRM",
                  "url": "http://gallery.menalto.com/gallery_1.5.9_released"
                },
                {
                  "name": "FEDORA-2008-11230",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4129",
        "datePublished": "2008-09-18T20:00:00.000Z",
        "dateReserved": "2008-09-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:08:34.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3662 (GCVE-0-2008-3662)

    Vulnerability from nvd – Published: 2008-09-18 18:00 – Updated: 2024-08-07 09:45
    VLAI
    Summary
    Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://security.gentoo.org/glsa/glsa-200811-02.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/33144 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/32662 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/archive/1/496509/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/31231 vdb-entryx_refsource_BID
    http://int21.de/cve/CVE-2008-3662-gallery.html x_refsource_MISC
    http://gallery.menalto.com/gallery_2.2.6_released x_refsource_CONFIRM
    http://gallery.menalto.com/gallery_1.5.9_released x_refsource_CONFIRM
    http://seclists.org/fulldisclosure/2008/Sep/0379.html mailing-listx_refsource_FULLDISC
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    Date Public
    2008-09-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:45:18.968Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200811-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
              },
              {
                "name": "33144",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33144"
              },
              {
                "name": "32662",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32662"
              },
              {
                "name": "FEDORA-2008-11258",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
              },
              {
                "name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/496509/100/0/threaded"
              },
              {
                "name": "31231",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31231"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://int21.de/cve/CVE-2008-3662-gallery.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://gallery.menalto.com/gallery_2.2.6_released"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://gallery.menalto.com/gallery_1.5.9_released"
              },
              {
                "name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2008/Sep/0379.html"
              },
              {
                "name": "FEDORA-2008-11230",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-200811-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
            },
            {
              "name": "33144",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33144"
            },
            {
              "name": "32662",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32662"
            },
            {
              "name": "FEDORA-2008-11258",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
            },
            {
              "name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/496509/100/0/threaded"
            },
            {
              "name": "31231",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31231"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://int21.de/cve/CVE-2008-3662-gallery.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://gallery.menalto.com/gallery_2.2.6_released"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://gallery.menalto.com/gallery_1.5.9_released"
            },
            {
              "name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2008/Sep/0379.html"
            },
            {
              "name": "FEDORA-2008-11230",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3662",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-200811-02",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
                },
                {
                  "name": "33144",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33144"
                },
                {
                  "name": "32662",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32662"
                },
                {
                  "name": "FEDORA-2008-11258",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
                },
                {
                  "name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/496509/100/0/threaded"
                },
                {
                  "name": "31231",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31231"
                },
                {
                  "name": "http://int21.de/cve/CVE-2008-3662-gallery.html",
                  "refsource": "MISC",
                  "url": "http://int21.de/cve/CVE-2008-3662-gallery.html"
                },
                {
                  "name": "http://gallery.menalto.com/gallery_2.2.6_released",
                  "refsource": "CONFIRM",
                  "url": "http://gallery.menalto.com/gallery_2.2.6_released"
                },
                {
                  "name": "http://gallery.menalto.com/gallery_1.5.9_released",
                  "refsource": "CONFIRM",
                  "url": "http://gallery.menalto.com/gallery_1.5.9_released"
                },
                {
                  "name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2008/Sep/0379.html"
                },
                {
                  "name": "FEDORA-2008-11230",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3662",
        "datePublished": "2008-09-18T18:00:00.000Z",
        "dateReserved": "2008-08-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:45:18.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-5296 (GCVE-0-2008-5296)

    Vulnerability from cvelistv5 – Published: 2008-12-01 15:00 – Updated: 2024-08-07 10:49
    VLAI
    Summary
    Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32817 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/32440 vdb-entryx_refsource_BID
    http://gallery.menalto.com/last_official_G1_releases x_refsource_CONFIRM
    http://osvdb.org/50089 vdb-entryx_refsource_OSVDB
    Date Public
    2008-11-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:49:12.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32817",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32817"
              },
              {
                "name": "gallery-cookie-security-bypass(46804)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46804"
              },
              {
                "name": "32440",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32440"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://gallery.menalto.com/last_official_G1_releases"
              },
              {
                "name": "50089",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/50089"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32817",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32817"
            },
            {
              "name": "gallery-cookie-security-bypass(46804)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46804"
            },
            {
              "name": "32440",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32440"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://gallery.menalto.com/last_official_G1_releases"
            },
            {
              "name": "50089",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/50089"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-5296",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies.  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32817",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32817"
                },
                {
                  "name": "gallery-cookie-security-bypass(46804)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46804"
                },
                {
                  "name": "32440",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32440"
                },
                {
                  "name": "http://gallery.menalto.com/last_official_G1_releases",
                  "refsource": "CONFIRM",
                  "url": "http://gallery.menalto.com/last_official_G1_releases"
                },
                {
                  "name": "50089",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/50089"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-5296",
        "datePublished": "2008-12-01T15:00:00.000Z",
        "dateReserved": "2008-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:49:12.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4129 (GCVE-0-2008-4129)

    Vulnerability from cvelistv5 – Published: 2008-09-18 20:00 – Updated: 2024-08-07 10:08
    VLAI
    Summary
    Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://security.gentoo.org/glsa/glsa-200811-02.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/33144 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/31912 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/32662 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/bid/31231 vdb-entryx_refsource_BID
    http://gallery.menalto.com/gallery_2.2.6_released x_refsource_CONFIRM
    http://gallery.menalto.com/gallery_1.5.9_released x_refsource_CONFIRM
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    Date Public
    2008-09-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:08:34.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200811-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
              },
              {
                "name": "33144",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33144"
              },
              {
                "name": "gallery-ziparchives-information-disclosure(45228)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228"
              },
              {
                "name": "31912",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31912"
              },
              {
                "name": "32662",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32662"
              },
              {
                "name": "FEDORA-2008-11258",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
              },
              {
                "name": "31231",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31231"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://gallery.menalto.com/gallery_2.2.6_released"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://gallery.menalto.com/gallery_1.5.9_released"
              },
              {
                "name": "FEDORA-2008-11230",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-200811-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
            },
            {
              "name": "33144",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33144"
            },
            {
              "name": "gallery-ziparchives-information-disclosure(45228)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228"
            },
            {
              "name": "31912",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31912"
            },
            {
              "name": "32662",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32662"
            },
            {
              "name": "FEDORA-2008-11258",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
            },
            {
              "name": "31231",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31231"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://gallery.menalto.com/gallery_2.2.6_released"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://gallery.menalto.com/gallery_1.5.9_released"
            },
            {
              "name": "FEDORA-2008-11230",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4129",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-200811-02",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
                },
                {
                  "name": "33144",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33144"
                },
                {
                  "name": "gallery-ziparchives-information-disclosure(45228)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228"
                },
                {
                  "name": "31912",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31912"
                },
                {
                  "name": "32662",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32662"
                },
                {
                  "name": "FEDORA-2008-11258",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
                },
                {
                  "name": "31231",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31231"
                },
                {
                  "name": "http://gallery.menalto.com/gallery_2.2.6_released",
                  "refsource": "CONFIRM",
                  "url": "http://gallery.menalto.com/gallery_2.2.6_released"
                },
                {
                  "name": "http://gallery.menalto.com/gallery_1.5.9_released",
                  "refsource": "CONFIRM",
                  "url": "http://gallery.menalto.com/gallery_1.5.9_released"
                },
                {
                  "name": "FEDORA-2008-11230",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4129",
        "datePublished": "2008-09-18T20:00:00.000Z",
        "dateReserved": "2008-09-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:08:34.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4130 (GCVE-0-2008-4130)

    Vulnerability from cvelistv5 – Published: 2008-09-18 20:00 – Updated: 2024-08-07 10:08
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to "interact with the embedding page."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://security.gentoo.org/glsa/glsa-200811-02.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/33144 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31858 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/32662 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/31231 vdb-entryx_refsource_BID
    http://gallery.menalto.com/gallery_2.2.6_released x_refsource_CONFIRM
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    Date Public
    2008-09-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:08:35.323Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200811-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
              },
              {
                "name": "33144",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33144"
              },
              {
                "name": "31858",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31858"
              },
              {
                "name": "32662",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32662"
              },
              {
                "name": "FEDORA-2008-11258",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
              },
              {
                "name": "gallery-flashanimations-xss(45227)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45227"
              },
              {
                "name": "31231",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31231"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://gallery.menalto.com/gallery_2.2.6_released"
              },
              {
                "name": "FEDORA-2008-11230",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to \"interact with the embedding page.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-200811-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
            },
            {
              "name": "33144",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33144"
            },
            {
              "name": "31858",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31858"
            },
            {
              "name": "32662",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32662"
            },
            {
              "name": "FEDORA-2008-11258",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
            },
            {
              "name": "gallery-flashanimations-xss(45227)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45227"
            },
            {
              "name": "31231",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31231"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://gallery.menalto.com/gallery_2.2.6_released"
            },
            {
              "name": "FEDORA-2008-11230",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4130",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to \"interact with the embedding page.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-200811-02",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
                },
                {
                  "name": "33144",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33144"
                },
                {
                  "name": "31858",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31858"
                },
                {
                  "name": "32662",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32662"
                },
                {
                  "name": "FEDORA-2008-11258",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
                },
                {
                  "name": "gallery-flashanimations-xss(45227)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45227"
                },
                {
                  "name": "31231",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31231"
                },
                {
                  "name": "http://gallery.menalto.com/gallery_2.2.6_released",
                  "refsource": "CONFIRM",
                  "url": "http://gallery.menalto.com/gallery_2.2.6_released"
                },
                {
                  "name": "FEDORA-2008-11230",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4130",
        "datePublished": "2008-09-18T20:00:00.000Z",
        "dateReserved": "2008-09-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:08:35.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3662 (GCVE-0-2008-3662)

    Vulnerability from cvelistv5 – Published: 2008-09-18 18:00 – Updated: 2024-08-07 09:45
    VLAI
    Summary
    Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://security.gentoo.org/glsa/glsa-200811-02.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/33144 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/32662 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.securityfocus.com/archive/1/496509/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/31231 vdb-entryx_refsource_BID
    http://int21.de/cve/CVE-2008-3662-gallery.html x_refsource_MISC
    http://gallery.menalto.com/gallery_2.2.6_released x_refsource_CONFIRM
    http://gallery.menalto.com/gallery_1.5.9_released x_refsource_CONFIRM
    http://seclists.org/fulldisclosure/2008/Sep/0379.html mailing-listx_refsource_FULLDISC
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    Date Public
    2008-09-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:45:18.968Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200811-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
              },
              {
                "name": "33144",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33144"
              },
              {
                "name": "32662",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32662"
              },
              {
                "name": "FEDORA-2008-11258",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
              },
              {
                "name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/496509/100/0/threaded"
              },
              {
                "name": "31231",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31231"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://int21.de/cve/CVE-2008-3662-gallery.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://gallery.menalto.com/gallery_2.2.6_released"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://gallery.menalto.com/gallery_1.5.9_released"
              },
              {
                "name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2008/Sep/0379.html"
              },
              {
                "name": "FEDORA-2008-11230",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-200811-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
            },
            {
              "name": "33144",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33144"
            },
            {
              "name": "32662",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32662"
            },
            {
              "name": "FEDORA-2008-11258",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
            },
            {
              "name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/496509/100/0/threaded"
            },
            {
              "name": "31231",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31231"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://int21.de/cve/CVE-2008-3662-gallery.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://gallery.menalto.com/gallery_2.2.6_released"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://gallery.menalto.com/gallery_1.5.9_released"
            },
            {
              "name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2008/Sep/0379.html"
            },
            {
              "name": "FEDORA-2008-11230",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3662",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-200811-02",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
                },
                {
                  "name": "33144",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33144"
                },
                {
                  "name": "32662",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32662"
                },
                {
                  "name": "FEDORA-2008-11258",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
                },
                {
                  "name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/496509/100/0/threaded"
                },
                {
                  "name": "31231",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31231"
                },
                {
                  "name": "http://int21.de/cve/CVE-2008-3662-gallery.html",
                  "refsource": "MISC",
                  "url": "http://int21.de/cve/CVE-2008-3662-gallery.html"
                },
                {
                  "name": "http://gallery.menalto.com/gallery_2.2.6_released",
                  "refsource": "CONFIRM",
                  "url": "http://gallery.menalto.com/gallery_2.2.6_released"
                },
                {
                  "name": "http://gallery.menalto.com/gallery_1.5.9_released",
                  "refsource": "CONFIRM",
                  "url": "http://gallery.menalto.com/gallery_1.5.9_released"
                },
                {
                  "name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2008/Sep/0379.html"
                },
                {
                  "name": "FEDORA-2008-11230",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3662",
        "datePublished": "2008-09-18T18:00:00.000Z",
        "dateReserved": "2008-08-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:45:18.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }