 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2008-4129 |
| Description: | Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.62953 1.3.6.1.4.1.25623.1.0.62945 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-4129 BugTraq ID: 31231 http://www.securityfocus.com/bid/31231 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html http://security.gentoo.org/glsa/glsa-200811-02.xml http://secunia.com/advisories/31912 http://secunia.com/advisories/32662 http://secunia.com/advisories/33144 XForce ISS Database: gallery-ziparchives-information-disclosure(45228) https://exchange.xforce.ibmcloud.com/vulnerabilities/45228 |