Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0587

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2006-0587
Last Modified 05 Sep 2008 04:59:41
Published 07 Feb 2006 08:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-0587

Summary

Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.

Vulnerable Systems

Application

  • Gallery Project Gallery 1.3.4

  • Gallery Project Gallery 1.4

  • Gallery Project Gallery 1.4 Pl1

  • Gallery Project Gallery 1.4 Pl2

  • Gallery Project Gallery 1.4.1

  • Gallery Project Gallery 1.4.2

  • Gallery Project Gallery 1.4.3 Pl1

  • Gallery Project Gallery 1.4.3 Pl2

  • Gallery Project Gallery 1.4.4 Pl2

  • Gallery Project Gallery 1.4.4 Pl3

  • Gallery Project Gallery 1.4.4 Pl4

  • Gallery Project Gallery 1.4.4 Pl5

  • Gallery Project Gallery 1.5

  • Gallery Project Gallery 1.5.1

  • Gallery Project Gallery 1.5.1 Rc2

  • Gallery Project Gallery 1.5.2 Rc2


References

XF - gallery-util-file-include(24768)

BID - 16533

OSVDB - 22944

SECTRACK - 1015641

SECUNIA - 18735

CONFIRM - http://gallery.menalto.com/gallery_1_5_2_pl2_security_release

XF - gallery-album-data-modification(24538)

OSVDB - 23256

MISC - http://www.digitalarmaments.com/2006140293402395.html

BUGTRAQ - 20060216 Re: Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution

BUGTRAQ - 20060214 Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution


Last Updated: 27 May 2016 10:41:42