---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Gallery Multiple Vulnerabilities SECUNIA ADVISORY ID: SA28163 VERIFY ADVISORY: http://secunia.com/advisories/28163/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access WHERE: >From remote SOFTWARE: Gallery 2.x http://secunia.com/product/5879/ DESCRIPTION: Some vulnerabilities and a weakness have been reported in Gallery, where some have unspecified impacts and others can be exploited by malicious users or malicious people to disclose sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a vulnerable system. 1) An unspecified error within the Publish XP module can be exploited to create and upload files without proper authorisation. 2) An unspecified error within the admin controller of the URL rewrite module can be exploited to include local files. 3) Input passed via file names within the core and add-item modules is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) An unspecified vulnerability exists within the file extension check of uploaded files in the Core (Gallery application) / MIME module. 5) The Gallery Remote module does not properly verify the permissions for certain GR commands. 6) Certain input passed via HTTP PROPPATCH to the WebDAV module is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 7) Unspecified errors within the WebDAV view of the WebDAV module, the comment view of the Comment module, the Print modules, the hotlink protection of the URL rewrite module, and the slideshows of the Slideshow module can be exploited to disclose potentially sensitive information. Note: In version 2.2.4, the Core module contains enhanced information disclosure protection and includes a fix for an unspecified redirection weakness. 8) An unspecified weakness related to proxied request exists within the WebCam module. The vulnerabilities were reported in versions prior to 2.2.4. SOLUTION: Update to version 2.2.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://gallery.menalto.com/gallery_2.2.4_released ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------