| Test ID: | 1.3.6.1.4.1.25623.1.0.53079 |
| Category: | FreeBSD Local Security Checks |
| Title: | FreeBSD Ports: gallery |
| Summary: | FreeBSD Ports: gallery |
| Description: | The remote host is missing an update to the system as announced in the referenced advisory. The following package is affected: gallery |
| | CVE-2004-1106: Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via 'specially formed URLs,' possibly via the include parameter in index.php. |
| | CVE-2005-0219: Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php. |
| | CVE-2005-0220: Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field. |
| | CVE-2005-0221: Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field. |
| | CVE-2005-0222: main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message. |
| Solution: | Update your system with the appropriate patches or software upgrades. |
| | http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147 |
| | http://marc.theaimsgroup.com/?l=bugtraq&m=110608459222364 |
| | http://www.vuxml.org/freebsd/5752a0df-60c5-4876-a872-f12f9a02fa05.html |
| Cross-Ref: | BugTraq ID: 11602 |
| | Common Vulnerability Exposure (CVE) ID: CVE-2004-1106 |
| | Debian Security Information: DSA-642 |
| | http://www.debian.org/security/2005/dsa-642 |
| | http://www.gentoo.org/security/en/glsa/glsa-200411-10.xml |
| | http://g3cko.info/gallery2-4.patch |
| | XForce ISS Database: gallery-script-xss(17948) |
| | http://xforce.iss.net/xforce/xfdb/17948 |
| | http://www.securityfocus.com/bid/11602 |
| | Common Vulnerability Exposure (CVE) ID: CVE-2005-0219 |
| | Bugtraq: 20050117 Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability |
| | http://marc.theaimsgroup.com/?l=bugtraq&m=110608459222364&w=2 |
| | http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html |
| | http://theinsider.deep-ice.com/texts/advisory69.txt |
| | XForce ISS Database: gallery-multiple-xss(18938) |
| | http://xforce.iss.net/xforce/xfdb/18938 |
| | XForce ISS Database: gallery-multiple-scripts-xss(43473) |
| | http://xforce.iss.net/xforce/xfdb/43473 |
| | Common Vulnerability Exposure (CVE) ID: CVE-2005-0220 |
| | http://www.gentoo.org/security/en/glsa/glsa-200501-45.xml |
| | http://secunia.com/advisories/13887/ |
| | Common Vulnerability Exposure (CVE) ID: CVE-2005-0221 |
| | XForce ISS Database: gallery-g2formsubject-xss(43472) |
| | http://xforce.iss.net/xforce/xfdb/43472 |
| | Common Vulnerability Exposure (CVE) ID: CVE-2005-0222 |
| | XForce ISS Database: gallery-mainphp-obtain-information(18940) |
| | http://xforce.iss.net/xforce/xfdb/18940 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |