aboutsummaryrefslogtreecommitdiffstats
path: root/security/vuxml
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2005-06-18 02:37:41 +0800
committernectar <nectar@FreeBSD.org>2005-06-18 02:37:41 +0800
commita15ae2069230616230dc1f1c81f049b1b24f26d3 (patch)
tree53b59a2f8dea8cec1322729c5272aec11f8a5c4d /security/vuxml
parentb4f78778a24157999252955a235d06e720ce41d2 (diff)
downloadfreebsd-ports-gnome-a15ae2069230616230dc1f1c81f049b1b24f26d3.tar.gz
freebsd-ports-gnome-a15ae2069230616230dc1f1c81f049b1b24f26d3.tar.zst
freebsd-ports-gnome-a15ae2069230616230dc1f1c81f049b1b24f26d3.zip
Document an older, more serious gallery vulnerability.
Diffstat (limited to 'security/vuxml')
-rw-r--r--security/vuxml/vuln.xml25
1 files changed, 25 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 9ce2b949107b..9a3e18923026 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,31 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="12b1a62d-6056-4d90-9e21-45fcde6abae4">
+ <topic>gallery -- remote code injection via HTTP_POST_VARS</topic>
+ <affects>
+ <package>
+ <name>gallery</name>
+ <range><lt>1.4.1.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A web server running Gallery can be exploited for arbitrary
+ PHP code execution through the use of a maliciously crafted
+ URL.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2004-2124</cvename>
+ <mlist msgid="0c0a01c3e525$1c0ed2b0$c90c030a@bmedirattatg">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=107524414317693</mlist>
+ </references>
+ <dates>
+ <discovery>2004-01-27</discovery>
+ <entry>2005-06-17</entry>
+ </dates>
+ </vuln>
+
<vuln vid="5752a0df-60c5-4876-a872-f12f9a02fa05">
<topic>gallery -- cross-site scripting</topic>
<affects>
generated by cgit (git 2.34.1) at 2024-12-14 07:29:06 +0800